Abstract


Linear  logic  presents  a  unified  framework  for  describing  and  reasoning  about  stateful 
systems.  Because  of  its  view  of  hypotheses  as  resources,  it  supports  such  phenomena  as 
concurrency,  external  and  internal  choice,  and  state  transitions  that  are  common  in  such 
domains  as  protocol  verification,  concurrent  computation,  process  calculi  and  games. 
It  accomplishes  this  unifying  view  by  providing  logical  connectives  whose  behaviour 
is  closely  tied  to  the  precise  collection  of  resources.  The  interaction  of  the  rules  for 
multiplicative,  additive  and  exponential  connectives  gives  rise  to  a  wide  and  expressive 
array  of  behaviours.  This  expressivity  comes  with  a  price:  even  simple  fragments  of  the 
logic  are  highly  complex  or  undecidable. 

Various approaches have been taken to produce automated reasoning systems for fragments of linear logic. This thesis addresses the need for automated reasoning for the complete set of connectives of first-order intuitionistic linear logic (⊗, 1, ⊸, &, ⊤, ⊕, 0, !, ∀, ∃), which removes the need for any idiomatic constructions in smaller fragments and instead allows direct logical expression. The particular theorem proving technique used is a novel combination of a variant of Maslov's inverse method with Andreoli's focused derivations, using the sequent calculus as the underlying framework.

The  goal  of  this  thesis  is  to  establish  the  focused  inverse  method  as  the  premier  means 
of  automated  reasoning  in  linear  logic.  To  this  end,  the  technical  claims  are  substantiated 
with  an  implementation  of  a  competitive  first-order  theorem  prover  for  linear  logic  -  as 
of  this  writing,  the  only  one  of  its  kind. 
Chapter 1


Introduction 


1.1  Thesis 

The  combination  of  the  inverse  method  and  focused  derivations  gives  a  viable  and  efficient  means 
of  automated  proof  search  in  first-order  linear  logic. 


1.2  Motivation 

This thesis is devoted to building a general theorem prover for linear logic [42] using the inverse method [73, 116]. Linear logic differs from natural logic by disallowing the structural operations of weakening and contraction, either as rules of inference or as admissible structural theorems. The number of occurrences of hypotheses thus plays a critical role in the proof theory, allowing encodings of precise counting semantics. A linear hypothesis must have exactly one use in a proof, which supports a view of linear assumptions as resources, and of proofs as consumers of such resources. This thesis is primarily concerned with intuitionistic linear logic, which maintains a separation between plural resources and a singular conclusion. This breaks the symmetry present in classical linear logic, but makes finer distinctions between some connectives (for instance, & and ⊕ are not definable in terms of each other) and disallows some classical connectives such as multiplicative disjunction (⅋). Of particular import is the elevation of linear implication (⊸) to the status of a logical connective independent of the other connectives.




The richness of intuitionistic linear logic makes the theorem proving problem harder than for classical linear logic; however, there is no fundamental reason why the approaches in this thesis cannot apply to the classical case. Additionally, the theory of proofs for intuitionistic linear logic, and particularly the efficient checking of these proofs, is very well understood and forms the core of logical frameworks such as CLF [117]. Needless to say, producing checkable proofs increases confidence in the theorem proven. The different set of connectives in intuitionistic linear logic does not make it any less expressive than classical linear logic [27].

The linear view of assumptions as resources has led to various applications in reasoning about state; for example, planning (finite and infinite state) [71], protocol verification, concurrent computation, process calculi, Petri-nets [20], security protocols [25] and games [62, 6]. It is remarkable that linear logic serves as a uniform language for such diverse systems. Automated deduction for linear logic therefore has wide-ranging appeal. Besides allowing a direct analysis of the logic of systems, linear logic offers a foundational account of such phenomena as internal/external choice or true concurrency that occur naturally in stateful concurrent systems. Such phenomena have to be engineered into other descriptive frameworks, such as CCS processes, without clear logical motivation, and often require operations such as predicate abstraction [47] in order to obtain tractable model checking problems. These frameworks must therefore be understood as indirect reasoning systems; in fact, they are not in competition with automated theorem proving, but rather present a wealth of alternative approaches for situations where theorem provers fail to perform efficiently. Logical reasoning, however, should come first.

The novelty of automated theorem proving in linear logic lies in handling resources efficiently: the resource management problem. The source of this problem is the lack of structural weakening and contraction, which makes even propositional linear logic undecidable [68]. Resource management for backward linear logic programming has been thoroughly examined for the languages Lygon [3], where resource management is translated to Boolean constraint solving, and Lolli [53, 22], which gives an algorithmic solution for a large fragment of intuitionistic linear logic. The examination of resource management in the present work derives its inspiration from the latter of the two approaches, though the situation for forward search turns out to be very different. In fact, the defining resource management problem in the backward direction turns out to be entirely absent in the forward direction. (For details, see section 3.1.)

The particular forward search strategy we use is the inverse method [73, 35]. The inverse method is a generalisation of resolution [102, 84, 83] that applies to a wide variety of logics, unlike resolution, which only works for classical logic. Indeed, the inverse method can be seen to be logic-independent because it has very minimal requirements: a sequent calculus with the subformula property. A brief sketch of the inverse method follows. First, the given goal sequent ("query") is fixed, and initial sequents are formed for the atomic propositions that occur both as positive and as negative subformulas of the goal sequent (see defn. 4.4). Next, the inference rules of the logic are specialised to the subformulas of the goal sequent, such that the principal formula of every inference rule is a subformula of the goal sequent. These rules are then used to construct new sequents by matching their premisses against previously derived sequents. New sequents that are not simply instances of sequents derived earlier are themselves then used in the inference rules to derive newer sequents. Eventually, assuming the search strategy is complete, either the goal sequent is derived, or the search space is saturated and the goal sequent is found to be unprovable. The inverse method is thus a member of a general class of saturation-based search procedures.
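The sketch above, carried out as an added Python example that is not part of this thesis or of its prover: an inverse-method prover for the propositional fragment with only atoms, ⊗ and ⊸. The tagged-tuple formula representation, the simple round-based saturation loop (in place of a lazy OTTER loop), and the sequent-count bound are choices of this example, not of the thesis. Because this fragment has no weakening, every derived sequent has an exact antecedent multiset, so the "not an instance of an earlier sequent" check reduces to set membership; the bound is an added safeguard, since antecedents can grow without limit in this fragment (the undecidability the previous section mentions) and saturation need not terminate.

```python
# Added example: an inverse-method prover for the {atoms, ⊗, ⊸} fragment of
# propositional intuitionistic linear logic. Not the thesis's prover; the
# representation, rule set and sequent bound below are the example's own choices.
from itertools import product

# Formulas as tagged tuples (hypothetical representation chosen for this example).
def atom(p):
    return ('atom', p)

def tensor(a, b):
    return ('tensor', a, b)          # A ⊗ B

def lolli(a, b):
    return ('lolli', a, b)           # A ⊸ B

def show(f):
    if f[0] == 'atom':
        return f[1]
    op = ' * ' if f[0] == 'tensor' else ' -o '
    return '(' + show(f[1]) + op + show(f[2]) + ')'

def signed_subformulas(f, positive, pos, neg):
    """Collect the subformulas of f by polarity; A ⊸ B flips the polarity of A."""
    (pos if positive else neg).add(f)
    if f[0] == 'tensor':
        signed_subformulas(f[1], positive, pos, neg)
        signed_subformulas(f[2], positive, pos, neg)
    elif f[0] == 'lolli':
        signed_subformulas(f[1], not positive, pos, neg)
        signed_subformulas(f[2], positive, pos, neg)

def sequent(ante, succ):
    """Forward sequent Γ ⇒ C with Γ a multiset, stored as a canonically sorted tuple."""
    return (tuple(sorted(ante, key=show)), succ)

def remove_one(ante, f):
    """One occurrence of f removed from the multiset ante, or None if f is absent."""
    lst = list(ante)
    if f not in lst:
        return None
    lst.remove(f)
    return tuple(lst)

def step(db, pos, neg):
    """One saturation round: every rule, specialised to the goal's subformulas,
    applied to every sequent (or pair of sequents) in the database."""
    out = set()
    tensor_r = [f for f in pos if f[0] == 'tensor']
    tensor_l = [f for f in neg if f[0] == 'tensor']
    lolli_r = [f for f in pos if f[0] == 'lolli']
    lolli_l = [f for f in neg if f[0] == 'lolli']
    for ante, succ in db:
        for f in tensor_l:           # ⊗L: Γ, A, B ⇒ C gives Γ, A⊗B ⇒ C
            rest = remove_one(ante, f[1])
            rest = remove_one(rest, f[2]) if rest is not None else None
            if rest is not None:     # both A and B must be present: no weakening
                out.add(sequent(rest + (f,), succ))
        for f in lolli_r:            # ⊸R: Γ, A ⇒ B gives Γ ⇒ A⊸B
            rest = remove_one(ante, f[1]) if succ == f[2] else None
            if rest is not None:
                out.add(sequent(rest, f))
    for (a1, s1), (a2, s2) in product(db, repeat=2):
        for f in tensor_r:           # ⊗R: Γ1 ⇒ A and Γ2 ⇒ B give Γ1, Γ2 ⇒ A⊗B
            if s1 == f[1] and s2 == f[2]:
                out.add(sequent(a1 + a2, f))
        for f in lolli_l:            # ⊸L: Γ1 ⇒ A and Γ2, B ⇒ C give Γ1, Γ2, A⊸B ⇒ C
            rest = remove_one(a2, f[2]) if s1 == f[1] else None
            if rest is not None:
                out.add(sequent(a1 + rest + (f,), s2))
    return out

def prove(hyps, goal, max_db=2000):
    """Saturate from the initial sequents until the goal sequent appears ('proved'),
    no new sequents arise ('unprovable'), or the database exceeds max_db ('bound').
    Returns (status, database size)."""
    pos, neg = set(), set()
    for h in hyps:
        signed_subformulas(h, False, pos, neg)   # hypotheses are negative subformulas
    signed_subformulas(goal, True, pos, neg)     # the goal is a positive subformula
    target = sequent(hyps, goal)
    # Initial sequents P ⇒ P only for atoms occurring with both polarities.
    db = {sequent((a,), a) for a in pos & neg if a[0] == 'atom'}
    while True:
        if target in db:
            return ('proved', len(db))
        # No weakening in this fragment, so "not subsumed" is just "not already
        # in the database" (set difference).
        new = step(db, pos, neg) - db
        if not new:
            return ('unprovable', len(db))
        db |= new
        if len(db) > max_db:
            return ('bound', len(db))

if __name__ == '__main__':
    p, q, r = atom('p'), atom('q'), atom('r')
    print(prove([tensor(lolli(p, q), lolli(q, r))], lolli(p, r)))   # proved
    print(prove([p], tensor(p, p)))                                   # unprovable
    print(prove([lolli(p, p)], p, max_db=50))                         # bound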


The choice of the inverse method in this thesis is further motivated by the many desirable properties of forward reasoning. Prime among these properties is the localised nature of forward sequents: sequents in disjoint branches of a derivation share no existential variables. In fact, the lack of multiplicative resource non-determinism in the forward direction can be seen as another aspect of locality; resource consumption is not allowed to affect disjoint branches. From an implementation standpoint, locality allows many transparent and logically motivated optimisations. For example, because search in the inverse method is free of backtracking, existential variables need not maintain local "undo" histories. A related property is that sharing of derivations is immediate in forward reasoning, and fair exploration strategies in the forward direction will generally find shorter proofs than backward reasoning. For this reason, forward reasoning often gives decision procedures for fragments of the logic that are not as easily decided in backward search. Backward search lends itself well to eager exploration strategies in the tradition of logic programming. Extending this kind of search to general theorem proving requires sophisticated loop detection and suspension algorithms. The arguments for forward reasoning are presented in more detail in chapter 4.


1.3  Contributions 

A primary contribution of this thesis is to construct an inverse method theorem prover that accounts for all the connectives of first-order linear logic. Although linear logic is already about nineteen years old, a satisfactory theorem prover for the full logic is lacking. There have been many attempts to create automated deduction systems for various fragments of linear and affine logic, both classical and intuitionistic, but all of these systems require adapting to the absence of some of the linear connectives. The nineteen years of experience have, therefore, seen the emergence of common idioms for encoding linear theories in fragments such as hereditary Harrop formulas, which virtually all linear logic programming engines support. These idioms necessarily sacrifice the structure of proofs, for example by selecting particular serialisations of concurrent behaviour, as is standard in continuation-passing-style and related encodings.

In this thesis, we answer the general theorem proving problem for all linear connectives, without any idiomatic commitments. Of course, the availability of a general theorem prover does not preclude limiting one's use to a fragment of the logic. Indeed, it has been remarked that for theories that fall in such well-behaved fragments it might be possible to improve the efficiency of the inverse method search procedure by incorporating hyper-resolution strategies; see, for example, Tammet's treatment of classical logic in the Gandalf prover [108]. Such specialised strategies have practical benefits, but they are not very satisfactory from either a design or an engineering standpoint. Furthermore, it is an indictment of the versatility of the inverse method if one were simply to abandon it at times for a radically different procedure. Instead, the work in this thesis was motivated by a question posed by Pfenning at its inception: can strategies such as hyperresolution be explained in terms of the inverse method?

This thesis gives a substantial answer to this question. Looking at the behaviour of an inverse method prover in practice, the bottleneck is always the size of the sequent database. Since every sequent in the database is a candidate premiss for generating new sequents, rule application slows down as the database grows, because there are more possible premisses to check for every rule. Additionally, the dominant operation in the prover soon becomes the task of detecting whether a newly constructed sequent is globally new (i.e., not subsumed by another sequent in the database). Of course, in any saturation-based approach this problem is technically unavoidable, but the impetus of design for such provers should be to reduce the size of the database.

Our answer is to combine the inverse method with the notion of focused derivations [7]. Focused derivations arose in the context of logic programming as a way of refining proof search into phases. Each phase of the search consists either only of asynchronous steps, where non-determinism is immaterial, or only of synchronous steps, where key choices have to be made. Focusing was thus a way of making "big step" derivations: a pair of synchronous and asynchronous phases can be thought of as a single large derived rule. In this work we make the observation that these derived inference rules constructed by focusing can also be used to do forward search in big steps. Thus, the intermediate results that are internal to the phases of a focused derivation do not have to be explicitly constructed or stored in the sequent database. This reduces the size of the sequent database, which is the main bottleneck in the inverse method. Because a focusing inverse method prover is able to make much larger inferences in far fewer steps, it is able to explore the search space much more efficiently. In our experiments, we routinely observed the focusing prover outperforming the non-focusing ("small-step") prover by several orders of magnitude.

In this thesis we reconstruct focused derivations from first principles. The resulting calculus is both simpler and more efficient than other focusing calculi that have been proposed for intuitionistic logics [57]. In particular, we highlight the important concept of focusing bias for atomic propositions and the effect the choice of bias has on the derived rules generated during focusing. In chapter 6 we show how one choice of bias gives rise to hyperresolution, a forward-chaining strategy, whereas the opposite choice gives rise to SLD-resolution, a backward-chaining strategy. Focusing bias can therefore be seen as a logical explanation for the operational notions of forward and backward chaining, and we are able to combine both operations in a seamless manner just by selecting appropriate biases for the atomic propositions. In chapter 7 we show that proper selection of focusing bias can significantly improve the performance of the prover.

The  work  in  this  thesis  is  supported  by  an  implementation  of  a  competitive  theorem 
prover for intuitionistic first-order linear logic. Of course, the field of competition is
currently  sparse — no  other  theorem  prover  exists  for  first-order  linear  logic,  for  example — 
but  we  are  able  to  provide  evidence  for  the  merit  of  the  focused  inverse  method  by  internal 
comparisons  with  variant  implementations.  The  results  of  these  experiments  have  caused 
the  author  to  undergo  a  kind  of  religious  conversion,  as  he  now  zealously  preaches  that 
focused  derivations  be  used  as  a  matter  of  course  in  all  future  automated  reasoning 
systems,  be  they  backward-  or  forward-reasoning. 


1.4  Structure  of  the  thesis 

Chapter 2 presents the background of this thesis. The backward sequent calculus for the full logic is presented in increments, including an extension with the possibility judgement of JILL [27]. The key presentational component of this chapter is the proof of cut-elimination for the full logic, which is presented constructively as a computation on sequent derivations in what is now known as the "structural cut elimination" method [92]. This chapter ends with a discussion of proof presentation as normal natural deduction proofs. Subsequent chapters build up to a forward calculus for this full logic.

Chapter 3 introduces the forward sequent calculus for the propositional fragment of the logic. Here we see the first important concept necessary for forward reasoning in linear logic: that of weak sequents. This forward calculus, annotated with weakenable linear contexts, is proven sound and complete with respect to the propositional backward sequent calculus of chapter 2. This chapter ends with a discussion of two major optimisations. The first of these is independent of the propositional nature of this logic and deals with a heuristic for handling locally affine theories. The second optimisation discusses the benefit of actively preventing redundant sequents from being constructed, but the development advanced in this chapter is only feasible in the propositional case. The propositional variant of the li prover (i.e., lip) uses this irredundant formulation even though the idea does not generalise to the first-order or focusing cases.

Chapter 4 presents the inverse method procedure that uses the propositional forward calculus of chapter 3. The subformula property is highlighted, and the method of specialising rules to subformulas is explained in this chapter. The primary technical contribution of this chapter has to do with the representation of sequents and the details of the lazy OTTER loop.

Chapter 5 extends the propositional calculus of earlier chapters with first-order quantification. The structure of this chapter follows the "recipe" outlined in [35] by first presenting a ground version of the forward calculus, and then lifting it to a calculus with free variables and unification. Although the procedure is fairly standard, the interactions of this procedure with linear logic, particularly the additive connectives, are contributions of this work.

Chapter 6 is the key contribution of this thesis. In this chapter, a calculus of focused derivations is reconstructed from first principles. The notion of focusing bias presented in this chapter is a version of a similar observation made by Andreoli for classical linear logic, but is extended to intuitionistic linear logic in this work. This chapter also presents a novel proof of completeness of the focusing calculus with respect to the non-focusing calculus (of chapter 2) by means of cut-elimination. A calculus of (backward) derived inference rules is then formally extracted from this focusing calculus; subsequently the forward version of this calculus is presented and proved sound and complete with respect to the backward calculus. The details of combining derived inference rules with many premisses with the inverse method are then presented. We then examine a few translations: the first of these shows that a focusing sequent calculus for natural (non-linear) logic can be translated to the linear setting while preserving the focusing structure of proofs. Finally, we explain how hyperresolution and SLD resolution arise naturally as differently biased variants of the focusing calculus.

Chapter 7 presents the implementation of the calculi of earlier chapters and the results of a number of experiments. Every variant mentioned in this thesis, including the left-biased and right-biased versions of the focusing calculi, has been implemented and compared on suitable examples. As mentioned previously, the possibilities for external comparisons are limited because of the small number of provers that exist for linear logic; therefore, much of the experimental validation of the claims of this thesis comes from internal comparisons.

Chapter 8 summarises the conclusions of this thesis and briefly discusses future work.
1.5 Literature survey


1.5.1  Automated  reasoning  approaches  based  on  logic  programming 

Resource management has a relatively long history given the age of linear and substructural logics, with the earliest identification of this issue in uniform proof search dating back to the work of Harland and Pym in 1991 [48] (see also [98]). Their approach centred on rewriting the hereditary Harrop fragment of linear logic in a clausal form suitable for resolution search. Although they stopped short of identifying the resource management problem as such, they did give an outline of a solution for multiplicative resource non-determinism, which revolved around constructing non-linear proto-proofs and a subsequent pass that reconstructs a linear proof. Central to this idea was an attempt to delay splitting the linear context as long as possible. In subsequent work they explored the implementation details of their lazy algorithm, which eventually led to an elegant formulation of uniform proof search in terms of Boolean constraints [49]. This system has since been implemented in the logic programming language Lygon [3].

Hodas and Miller took a different approach to linear logic programming [53, 56]. Instead of treating it as a restriction of general backward proof search, they set out to discover a specific solution and expose it directly in the proof theory of Lolli. In subsequent work, Cervesato et al. [22] have extended the approach to handle resource management efficiently in the presence of the additive conjunction &. The weakening annotation described in the present work bears a strong resemblance to a similar notation in [22], although the interpretation differs considerably because of the different nature of forward search.

Linear logic programming has also been examined from the perspective of specification languages, first by Miller in the system Forum [78] and Andreoli in the system LinLog. The latter work, in fact, introduced the dyadic notation for resources used extensively in the present work. More recently, Cervesato and Pfenning [24] have attempted to provide a sound type-theoretic foundation for linear logic programming in terms of extensions to the LF logical framework [51]. Watkins et al. have further extended this line of work by giving a manifestly decidable equational theory for an extension of LF with a monad for concurrency [117, 25].
1.5.2 General theorem proving


All the systems described so far have been restrictions of classical or intuitionistic linear logic for particular domains. The general theorem-proving problem for full classical linear logic has been investigated by Mints in the style of resolution theorem proving [83]. Mints did not identify or provide a solution to the resource management problem; indeed, his original calculus was unimplementable as a standard resolution theorem prover because it had clauses containing an undetermined collection of resources. (This problem closely resembles the structural resource non-determinism identified in section 3.1.) To mitigate this problem, Mints provided a general strategy to delay uses of such clauses as late as possible, and this line was further investigated by Tammet [110], who discovered many permissible permutations of rules, making Mints's calculus implementable. However, Tammet did not present the resource management issues in isolation from particular resolution strategies.


1.5.3  Other  logics  for  stateful  systems 

Approaches based on rewriting logic  Rewrite systems like ELAN [12] and Maude have been considered for specifications of stateful systems. In fact, Maude is powerful enough to encode LinLog, and has been used to give a general and logical treatment for planning domains [71]. More sophisticated approaches based on multiset rewrite systems have been employed by Cervesato [21] to model cryptographic authentication protocols. Such systems are easily embedded in a fragment of the CLF framework [117], where the existential quantification used to model nonces in MSR is translated to a similar construct in CLF.

Multiset rewrite systems have also been studied extensively by Bozzano for his PhD thesis in the context of model checking approaches for unbounded state systems [14]. Instead of traditional approaches based on finite abstraction, using human input or more automated methods, Bozzano translates the verification problem to the language LO parametrised over constraint domains such as Herbrand universes. Bozzano extended LO with universal quantification, and gave a top-down saturation-based inference mechanism that was shown to be a decision procedure for interesting domains. Bozzano and Delzanno have since explored many model checking approaches using similar methods; for a survey, see [16].


Approaches based on temporal or modal logics  An increasingly popular class of system specifications has used temporal logics like TLA [76], LTL or CTL to model the evolutionary behaviour of concurrent systems. Temporal logic allows expressive descriptions of behaviour such as "eventually always P" or "infinitely often P". Systems such as Lamport's TLA are not designed with automation as their primary aim; rather, they are intended to engage engineers in the act of writing formal specifications. Nevertheless, TLA endowed with a variant of ZF set theory (also known as TLA+) does allow for a rudimentary kind of model checking. Insofar as specifications in TLA+ are systematically constructed in the so-called standard form, they resemble specifications one might as well have written in linear logic.

1.5.4  Model  checking  and  related  approaches 

Model checking is the chief alternative to theorem proving. It differs from theorem proving in its bottom-up approach of assembling efficient decision procedures for small domains, rather than performing general logical inference. Model checking is therefore inherently limited in the kinds of problems it can handle. For example, model checking is unable to handle domains with unbounded state, as is natural in such domains as communication protocols [14]. A common approach is to use a finite approximation of the problem by means of such techniques as predicate abstraction [47], which has also been used extensively for hardware model checking [34].

Predicate abstraction forms the core of modern software model-checking systems such as SLAM [10] or BLAST. The general approach taken in such systems is to abstract a system at two levels, a specification level and a model level, and the verification problem is to ensure that the model is a refinement of the specification. The art of inferring models in a tractable manner can be surprisingly subtle because of the exponential blowup of the state space in the presence of concurrency. Two methods are commonly used to combat the state explosion problem: compositional reasoning [31, 85], which attempts to break up a big problem into manageable components, and partial order reduction [45, 69, 90, 114]. Combinations of such methods can nowadays handle model-checking problems of the order of 10^100 states.


Efficient model checking back-ends are, nevertheless, ultimately unsatisfactory as descriptive frameworks for concurrent systems. In the domain of concurrent processes, particularly, many abstractions have been proposed to model concurrency and communication: CSP [52, 19], CCS, the π-calculus [82] or Petri-nets [91]. (These abstractions all fall naturally into fragments of linear logic [25].) Combining model checking approaches with such abstractions is a non-trivial task. A promising recent approach is to capture the refinement relations, to be turned into proof obligations for a model-checking back-end, as behavioural types that are exposed in the abstraction itself [63, 26]. While an interesting use of type theory, this approach must still be regarded as a tour de force of existing model checking frameworks such as SLAM.

It is important to stress that theorem proving and model checking are not competitors; in fact, each has a lot to offer the other. Logical inference gives model checking a way to exceed the finite state limitation (as demonstrated by Bozzano [14]), and to terminate exploration early for logical impossibilities. Model checking, in turn, adds a number of efficient search strategies to the arsenal of inference mechanisms in a theorem prover.
Chapter 2

Intuitionistic  Linear  Logic 


2.1  Sequent  calculus 


We take a foundational view of logic based on the approach laid out by Martin-Löf in his Siena lectures in 1983 [72, 94]. This view rests on a separation of judgements from propositions. A judgement becomes evident when it is established by means of a proof. The primary judgements of natural (i.e., non-linear) logic are of the form "A is a proposition" and "A is true". To understand the meaning of a proposition, we need to understand what counts as a verification of that proposition; the inference rules characterising the truth of propositions define their meaning, as long as they satisfy certain local consistency conditions. Many aspects of this foundational reconstruction of logic are now standard features of the so-called judgemental philosophy of logic, usually presented in a natural deduction formalism. Instead of repeating this usual introduction, we start directly with a sequent calculus, leaving a discussion of the natural deduction formulation for purely proof-presentation purposes (sec. 2.2).


We import this judgemental view into a Gentzen-style sequent calculus for linear logic [41, 40]. In this calculus, we discard the general judgement of truth in favour of the more basic notions of resources and goals, that is, the judgements "$A$ is a resource" and "$A$ is a goal". These correspond to hypotheses and conclusions, respectively, but with the following linearity restriction: every resource used to construct a goal must be consumed exactly once. As usual, we write this as a sequent, with the resources listed on the left of the sequent arrow ($\Rightarrow$), and the goal on the right.
\[
u_1 : (A_1\ \mathit{res}),\ u_2 : (A_2\ \mathit{res}),\ \ldots,\ u_n : (A_n\ \mathit{res}) \Rightarrow C\ \mathit{goal}
\]
This sequent is read as follows: with resources $A_1, \ldots, A_n$, we can achieve goal $C$.

Each $u_i$ is a label for the particular resource, and all labels are distinct. We shall write $\Delta$ for the collection of resources. Where understood, we shall elide both the label for the resource and the judgemental label "$\mathit{res}$". A given sequent is taken to be evident if it has a derivation using the rules of inference. Of these rules of inference there are two kinds: judgemental rules (sometimes also called structural rules) that define the allowable structural operations on sequents, and logical rules that define the meaning of logical connectives.


Judgemental rules Though we have yet to specify our language of propositions, it will include a collection of atomic propositions. We write these propositions using lower-case letters: $p$, $q$, etc. Atomic propositions have no propositional structure, and therefore no logical rules defining their meaning. There is one judgemental principle to characterise the use of atomic propositions: an atomic resource can be consumed to obtain the same atomic goal. This we write in the form of an axiomatic initial rule:
\[
\frac{}{p\ \mathit{res} \Rightarrow p\ \mathit{goal}}\ \mathsf{init}
\]
Unlike natural logics, in the purely linear logic there are no further judgemental rules regarding resources. In particular, weakening and contraction are not valid structural rules.

The sequent calculus is constructed to satisfy two important principles: substitution and identity. Substitution, often known as cut, defines how a conclusion $A\ \mathit{goal}$ relates to uses of the hypothesis $A\ \mathit{res}$.
\[
\frac{\Delta \Rightarrow A\ \mathit{goal} \qquad \Delta', A\ \mathit{res} \Rightarrow C\ \mathit{goal}}{\Delta, \Delta' \Rightarrow C\ \mathit{goal}}\ \mathsf{cut}
\]
In other words, it is sound to use a goal as a resource. Dually, given any resource, the logic must be strong enough to construct a goal from it.
\[
\frac{}{A\ \mathit{res} \Rightarrow A\ \mathit{goal}}\ \mathsf{identity}
\]
These two principles can be seen as a form of global soundness and completeness of the calculus with respect to the natural deduction formulation of the logic (see sec. 2.2).

Theorem 2.1. The "cut" and "identity" rules are admissible.

For expository purposes, we shall present principal cases of the proof of this theorem as we present the logic. The full proof will be delayed until the formal presentation in section 2.1.5.


2.1.1  Purely  linear  logic 

Now we turn to the linear propositions, whose meanings are given in terms of their logical rules. Linear propositions are built up in terms of the following grammar:
\[
A, B, C, \ldots ::= p \mid A \otimes B \mid 1 \mid A \oplus B \mid 0 \mid A \multimap B \mid A \& B \mid \top
\]
For each connective we will have right rules that define the construction of the proposition as a goal, and left rules that define the use of the proposition as a resource.

Multiplicative conjunction The $\otimes$ connective (called "tensor") and its unit $1$ are constructed as goals as follows:
\[
\frac{\Delta \Rightarrow A\ \mathit{goal} \qquad \Delta' \Rightarrow B\ \mathit{goal}}{\Delta, \Delta' \Rightarrow A \otimes B\ \mathit{goal}}\ \otimes R
\qquad
\frac{}{\cdot \Rightarrow 1\ \mathit{goal}}\ 1R
\]
The operation $\Delta, \Delta'$ denotes multiplicative union, that is, each of the constituents is present wholly and separately in the united context. On the left, to use $A \otimes B$ as a resource is to use both $A$ and $B$ as resources; to use $1$ as a resource is to remove it. Thus we obtain the left rules:
\[
\frac{\Delta, A\ \mathit{res}, B\ \mathit{res} \Rightarrow C\ \mathit{goal}}{\Delta, A \otimes B\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ \otimes L
\qquad
\frac{\Delta \Rightarrow C\ \mathit{goal}}{\Delta, 1\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ 1L
\]


Why are these the correct rules for these connectives? To answer that, we have to look at local versions of the global soundness and completeness theorems, "cut" and "identity", respectively.

The local form of "cut" is what is called a principal cut. Here, we assume that (for some chosen proposition $C$) we have two derivations, one in which $C\ \mathit{goal}$ has just been constructed using a right rule, and another in which $C\ \mathit{res}$ has just been used with a left rule. Explicitly, for $\otimes$, we consider the derivations $\mathcal{D} :: \Delta \Rightarrow A \otimes B\ \mathit{goal}$ and $\mathcal{E} :: \Delta', A \otimes B\ \mathit{res} \Rightarrow C\ \mathit{goal}$ as follows:
\[
\mathcal{D} = \frac{\mathcal{D}_1 :: \Delta_1 \Rightarrow A\ \mathit{goal} \qquad \mathcal{D}_2 :: \Delta_2 \Rightarrow B\ \mathit{goal}}{\Delta_1, \Delta_2 \Rightarrow A \otimes B\ \mathit{goal}}\ \otimes R
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Delta', A\ \mathit{res}, B\ \mathit{res} \Rightarrow C\ \mathit{goal}}{\Delta', A \otimes B\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ \otimes L
\]
A cut between these two derivations should give us a means of decomposing the cut into smaller derivations for which we assume, inductively, that cuts are admissible. For instance, we can cut (written using $+$ indexed with the cut proposition) the derivation $\mathcal{D}_1$ and $\mathcal{E}'$ to get:
\[
(\mathcal{D}_1 +_A \mathcal{E}') :: \Delta_1, \Delta', B\ \mathit{res} \Rightarrow C\ \mathit{goal}
\]
This derivation is not necessarily smaller than either $\mathcal{D}_1$ or $\mathcal{E}'$; however, we still allow a cut on this derivation with $\mathcal{D}_2$ because it has a smaller cut formula, in this case $B$. Thus,
\[
(\mathcal{D}_2 +_B (\mathcal{D}_1 +_A \mathcal{E}')) :: \Delta_1, \Delta_2, \Delta' \Rightarrow C\ \mathit{goal}
\]


To state principal cuts even more precisely, we need a language for derivations. The right derivation $\mathcal{D}$ is constructed by multiplicatively composing the right derivations $\mathcal{D}_1$ and $\mathcal{D}_2$; we therefore write this as
\[
\otimes R(\mathcal{D}_1, \mathcal{D}_2 ; A \otimes B)
\]
Similarly, the left derivation $\mathcal{E}$ is constructed from $\mathcal{E}'$ by combining $u : (A\ \mathit{res})$ and $v : (B\ \mathit{res})$ to create $w : (A \otimes B\ \mathit{res})$. We write this as:
\[
\otimes L(u.\,v.\,\mathcal{E}' ; w : A \otimes B)
\]
The labels $u$ and $v$ are understood as free in $\mathcal{E}'$, but bound in $u.\,v.\,\mathcal{E}'$. The label $w$ is free in the full $\otimes L$ derivation. We use the substitution notation $[u_1/v_1, \ldots, u_n/v_n]\mathcal{D}$ to denote the simultaneous renaming of the free labels $v_i$ in the derivation $\mathcal{D}$ with the labels $u_i$. Of course, for the resulting derivation to be well-formed the $u_i$ and $v_i$ must all be distinct, and furthermore none of the $u_i$ must already occur freely in $\mathcal{D}$. Once we have the full syntax of derivations, we shall formalise the notion of free labels (see defn. 2.16).

In each case in the syntax for derivations, we separate out the principal proposition with a semi-colon. If the principal formula is on the left, we further indicate the label of the hypothesis assigned to the principal formula; for this derivation to be well-formed, this label must not occur freely in any subderivation. The full syntax of all derivations will be presented in section 2.1.5.

The principal cut above can be written as a simple equation on derivations:
\[
\otimes R(\mathcal{D}_1, \mathcal{D}_2 ; A \otimes B) +_{w : A \otimes B} \otimes L(u.\,v.\,\mathcal{E} ; w : A \otimes B) = \mathcal{D}_2 +_{v' : B} (\mathcal{D}_1 +_{u' : A} [u'/u, v'/v]\mathcal{E})
\]
where $u'$ and $v'$ are assumed to be fresh variables, i.e.,
\[
\{u', v'\} \cap (\mathit{fl}(\mathcal{D}_1) \cup \mathit{fl}(\mathcal{D}_2) \cup \mathit{fl}(\mathcal{E}) \cup \{u, v\}) = \emptyset
\]
For the unit, $1$, we obtain a very similar principal cut.
\[
1R +_{u : 1} 1L(\mathcal{E} ; u : 1) = \mathcal{E}
\]


Next the question of local completeness. Here we prove the identity principle inductively on the proposition, assuming it for sub-propositions.
\[
\frac{\dfrac{\dfrac{}{A \Rightarrow A}\ \text{i.h.} \qquad \dfrac{}{B \Rightarrow B}\ \text{i.h.}}{A, B \Rightarrow A \otimes B}\ \otimes R}{A \otimes B \Rightarrow A \otimes B}\ \otimes L
\qquad
\frac{\dfrac{}{\cdot \Rightarrow 1}\ 1R}{1 \Rightarrow 1}\ 1L
\]


Linear implication The linear implication $\multimap$ (sometimes called "lolli") is constructed as a goal and used as a resource in the following ways:
\[
\frac{\Delta, A\ \mathit{res} \Rightarrow B\ \mathit{goal}}{\Delta \Rightarrow A \multimap B\ \mathit{goal}}\ \multimap R
\qquad
\frac{\Delta \Rightarrow A\ \mathit{goal} \qquad \Delta', B\ \mathit{res} \Rightarrow C\ \mathit{goal}}{\Delta, \Delta', A \multimap B\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ \multimap L
\]
The corresponding right and left derivations use the following syntax:
\[
\multimap R(u.\,\mathcal{D} ; A \multimap B) \qquad \multimap L(\mathcal{E}, u.\,\mathcal{E}' ; v : A \multimap B)
\]
The principal cut is:
\[
\multimap R(u.\,\mathcal{D} ; A \multimap B) +_{w : A \multimap B} \multimap L(\mathcal{E}, v.\,\mathcal{E}' ; w : A \multimap B) = (\mathcal{E} +_{u' : A} [u'/u]\mathcal{D}) +_{v' : B} [v'/v]\mathcal{E}'
\]
where, as before, the variables $u'$ and $v'$ are fresh, i.e., not occurring in any of the smaller derivations. The inductive case of the identity principle is:
\[
\frac{\dfrac{\dfrac{}{A \Rightarrow A}\ \text{i.h.} \qquad \dfrac{}{B \Rightarrow B}\ \text{i.h.}}{A \multimap B, A \Rightarrow B}\ \multimap L}{A \multimap B \Rightarrow A \multimap B}\ \multimap R
\]
Additive conjunction The additive conjunction $\&$ (called "with") has the following right and left rules.
\[
\frac{\Delta \Rightarrow A\ \mathit{goal} \qquad \Delta \Rightarrow B\ \mathit{goal}}{\Delta \Rightarrow A \& B\ \mathit{goal}}\ \& R
\qquad
\frac{\Delta, A\ \mathit{res} \Rightarrow C\ \mathit{goal}}{\Delta, A \& B\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ \& L_1
\qquad
\frac{\Delta, B\ \mathit{res} \Rightarrow C\ \mathit{goal}}{\Delta, A \& B\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ \& L_2
\]
The corresponding syntax for right and left derivations is:
\[
\& R(\mathcal{D}_1, \mathcal{D}_2 ; A \& B) \qquad \& L_i(u.\,\mathcal{D} ; w : A_1 \& A_2) \quad i \in \{1, 2\}
\]
There are two principal cuts, depending on which of the left rules was used for $A \& B\ \mathit{res}$.
\[
\begin{aligned}
\& R(\mathcal{D}_1, \mathcal{D}_2 ; A \& B) +_{u : A \& B} \& L_1(v.\,\mathcal{E} ; u : A \& B) &= \mathcal{D}_1 +_{u' : A} [u'/v]\mathcal{E} \\
\& R(\mathcal{D}_1, \mathcal{D}_2 ; A \& B) +_{u : A \& B} \& L_2(v.\,\mathcal{E} ; u : A \& B) &= \mathcal{D}_2 +_{u' : B} [u'/v]\mathcal{E}
\end{aligned}
\]
(Again, per convention, the variable $u'$ is fresh.)

The inductive case of the identity principle is:
\[
\frac{\dfrac{\dfrac{}{A \Rightarrow A}\ \text{i.h.}}{A \& B \Rightarrow A}\ \& L_1 \qquad \dfrac{\dfrac{}{B \Rightarrow B}\ \text{i.h.}}{A \& B \Rightarrow B}\ \& L_2}{A \& B \Rightarrow A \& B}\ \& R
\]
The unit of the additive conjunction is $\top$. It has a single right rule:
\[
\frac{}{\Delta \Rightarrow \top\ \mathit{goal}}\ \top R
\]
Being a nullary case of $\&$, it lacks a left rule. Thus the question of a principal cut doesn't arise at all for this connective. The inductive case of the identity principle is trivial:
\[
\frac{}{\top\ \mathit{res} \Rightarrow \top\ \mathit{goal}}\ \top R
\]

Disjunction Disjunction $\oplus$ has the following right and left rules.
\[
\frac{\Delta \Rightarrow A\ \mathit{goal}}{\Delta \Rightarrow A \oplus B\ \mathit{goal}}\ \oplus R_1
\qquad
\frac{\Delta \Rightarrow B\ \mathit{goal}}{\Delta \Rightarrow A \oplus B\ \mathit{goal}}\ \oplus R_2
\qquad
\frac{\Delta, A\ \mathit{res} \Rightarrow C \qquad \Delta, B\ \mathit{res} \Rightarrow C}{\Delta, A \oplus B\ \mathit{res} \Rightarrow C}\ \oplus L
\]
The corresponding syntax for right and left derivations is:
\[
\oplus R_i(\mathcal{D} ; A_1 \oplus A_2) \qquad \oplus L(u.\,\mathcal{E}_1, v.\,\mathcal{E}_2 ; w : A \oplus B) \quad i \in \{1, 2\}
\]
Once again we obtain two principal cuts, depending on which rule was used to conclude $A \oplus B\ \mathit{goal}$.
\[
\oplus R_i(\mathcal{D} ; A_1 \oplus A_2) +_{u : A_1 \oplus A_2} \oplus L(v_1.\,\mathcal{E}_1, v_2.\,\mathcal{E}_2 ; u : A_1 \oplus A_2) = \mathcal{D} +_{v_i' : A_i} [v_i'/v_i]\mathcal{E}_i
\]
(Per convention, $v_i'$ is fresh.) The inductive case of the identity principle is:
\[
\frac{\dfrac{\dfrac{}{A \Rightarrow A}\ \text{i.h.}}{A \Rightarrow A \oplus B}\ \oplus R_1 \qquad \dfrac{\dfrac{}{B \Rightarrow B}\ \text{i.h.}}{B \Rightarrow A \oplus B}\ \oplus R_2}{A \oplus B \Rightarrow A \oplus B}\ \oplus L
\]
The unit of $\oplus$ is $0$; it has no right rules, and a single left rule:
\[
\frac{}{\Delta, 0\ \mathit{res} \Rightarrow C\ \mathit{goal}}\ 0L
\]
There is no principal cut, and the inductive case of the identity principle is:
\[
\frac{}{0\ \mathit{res} \Rightarrow 0\ \mathit{goal}}\ 0L
\]
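The rules of this section can be read backwards as a search procedure, and running them that way makes the linearity restriction concrete. The following Python prover is an added example written for this page; it is not the thesis's inverse-method prover, it covers only the propositional connectives of the grammar above (no exponentials, no quantifiers), and its tuple encoding of propositions is an assumption of the example. It is a naive exponential search: $\otimes R$ and $\multimap L$ try every way of splitting the linear context, exactly as the multiplicative union $\Delta, \Delta'$ requires.

```python
"""Naive backward proof search over the sequent rules of section 2.1.1, as an
added example (this is not the thesis's inverse-method prover).  Only the
propositional connectives of the grammar are covered; propositions are tuples:
('atom', name), ('tensor', A, B), ('one',), ('lolli', A, B), ('with', A, B),
('top',), ('plus', A, B), ('zero',).  The tuple encoding is this example's own
convention.  Every rule makes the total formula size of each premiss smaller,
so the search terminates without a depth bound (it is exponential, though)."""
from itertools import combinations


def splits(delta):
    """Every division of the linear context into two parts (Δ, Δ'): the
    multiplicative union of the text, read from conclusion to premisses."""
    idx = range(len(delta))
    for k in range(len(delta) + 1):
        for left in combinations(idx, k):
            yield ([delta[i] for i in left],
                   [delta[i] for i in idx if i not in left])


def prove(delta, goal):
    """True iff  delta ⇒ goal  is derivable, every resource consumed exactly once."""
    delta = list(delta)
    tag = goal[0]
    # init: the context must be exactly the atomic goal, nothing else.
    if tag == 'atom' and delta == [goal]:
        return True
    # Right rules, selected by the shape of the goal.
    if tag == 'top':                                                    # ⊤R
        return True
    if tag == 'one' and not delta:                                      # 1R
        return True
    if tag == 'tensor' and any(prove(d1, goal[1]) and prove(d2, goal[2])
                               for d1, d2 in splits(delta)):            # ⊗R
        return True
    if tag == 'lolli' and prove(delta + [goal[1]], goal[2]):            # ⊸R
        return True
    if tag == 'with' and prove(delta, goal[1]) and prove(delta, goal[2]):  # &R
        return True
    if tag == 'plus' and (prove(delta, goal[1]) or prove(delta, goal[2])):  # ⊕R1, ⊕R2
        return True
    # Left rules, trying every resource as the principal formula.
    for i, res in enumerate(delta):
        rest = delta[:i] + delta[i + 1:]
        rtag = res[0]
        if rtag == 'zero':                                              # 0L
            return True
        if rtag == 'one' and prove(rest, goal):                         # 1L
            return True
        if rtag == 'tensor' and prove(rest + [res[1], res[2]], goal):   # ⊗L
            return True
        if rtag == 'with' and (prove(rest + [res[1]], goal)
                               or prove(rest + [res[2]], goal)):        # &L1, &L2
            return True
        if rtag == 'plus' and (prove(rest + [res[1]], goal)
                               and prove(rest + [res[2]], goal)):       # ⊕L
            return True
        if rtag == 'lolli' and any(prove(d1, res[1]) and prove(d2 + [res[2]], goal)
                                   for d1, d2 in splits(rest)):         # ⊸L
            return True
    return False


if __name__ == '__main__':
    p, q = ('atom', 'p'), ('atom', 'q')
    print(prove([('tensor', p, q)], ('tensor', q, p)))   # True: tensor commutes
    print(prove([p], ('tensor', p, p)))                  # False: p cannot be used twice
    print(prove([p], ('with', p, p)))                    # True: & shares the context
    print(prove([p, ('lolli', p, q)], q))                # True: modus ponens
```

Because the context must be split, `p ⇒ p ⊗ p` is rejected while `p ⇒ p & p` is accepted, and `p ⊗ q ⇒ p & q` fails because neither branch of $\& R$ may leave a resource unconsumed; those outcomes are exactly what the left and right rules above prescribe.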


2.1.2  Truth 

Logical truth is recovered in this resource-aware setting in the form of a modal categorical judgement, that is, a sequent with no resources.

The judgement $A\ \mathit{true}$ is evident if and only if $\cdot \Rightarrow A\ \mathit{goal}$.

That is, a true proposition is independent of the linear resources. Any proof of a true proposition can therefore be re-used arbitrarily often without fear of consuming any linear resources. The analogue of the truth judgement on the left of the sequent arrow, therefore, is treated as an unrestricted resource (written $\mathit{unr}$), that is, a resource that may be consumed arbitrarily often. More precisely, we define a dyadic sequent of the form:
\[
u_1 : (A_1\ \mathit{unr}), \ldots, u_m : (A_m\ \mathit{unr}) ;\ v_1 : (B_1\ \mathit{res}), \ldots, v_n : (B_n\ \mathit{res}) \Rightarrow C\ \mathit{goal}.
\]
The ordinary sequent $A_1\ \mathit{hyp}, \ldots, A_n\ \mathit{hyp} \Rightarrow C\ \mathit{true}$ of natural logic is the derived form $A_1\ \mathit{unr}, \ldots, A_n\ \mathit{unr} ; \cdot \Rightarrow C\ \mathit{goal}$; we thus obtain one ready embedding of natural logic in linear logic: ensure that no hypotheses are linear. Again, to simplify matters, we omit the hypothesis labels $u$, $v$, etc. and the judgemental labels $\mathit{unr}$ and $\mathit{res}$ when there is no ambiguity. We use the meta-variables $\Gamma$ and $\Delta$ for the unrestricted and linear hypotheses respectively.
Judgemental rules There is a new judgemental rule to characterise the unrestricted resources: any unrestricted resource may be copied (thinking backwards) into the linear zone arbitrarily often, using the "copy" rule:
\[
\frac{\Gamma, A ; \Delta, A \Rightarrow C}{\Gamma, A ; \Delta \Rightarrow C}\ \mathsf{copy}
\]
A logician may choose to read this rule as a form of contraction: any number of copies of an unrestricted resource may be factored away.


Whenever we add a new judgement to the logic, we have to ask what it means to construct and use this new judgement. For unrestricted resources, we obtain a new case of the "cut" rule, which we call "cut!":
\[
\frac{\Gamma ; \cdot \Rightarrow A\ \mathit{goal} \qquad \Gamma, A\ \mathit{unr} ; \Delta \Rightarrow C\ \mathit{goal}}{\Gamma ; \Delta \Rightarrow C\ \mathit{goal}}\ \mathsf{cut!}
\]


Dually, we extend the identity principle slightly by allowing any number of unrestricted hypotheses in the identity rule.
\[
\frac{}{\Gamma ; A\ \mathit{res} \Rightarrow A\ \mathit{goal}}\ \mathsf{identity}
\]
This form of the identity principle is all we need, because $\Gamma, A\ \mathit{unr} ; \cdot \Rightarrow A\ \mathit{goal}$ can be derived using "copy".
\[
\frac{\dfrac{}{\Gamma, A\ \mathit{unr} ; A\ \mathit{res} \Rightarrow A\ \mathit{goal}}\ \mathsf{identity}}{\Gamma, A\ \mathit{unr} ; \cdot \Rightarrow A\ \mathit{goal}}\ \mathsf{copy}
\]

We also extend theorem 2.1 to account for the new judgement.

Theorem 2.2. The "cut", "cut!" and "identity" rules are admissible.

Once again, we shall present principal cases of cut and a short proof of the inductive case of the identity principle as we introduce the connectives. Distinct from linear resources, the unrestricted resources may be weakened and contracted arbitrarily. In usual presentations of linear sequent calculi, these are presented as rules of inference:
\[
\frac{\Gamma ; \Delta \Rightarrow C}{\Gamma, A ; \Delta \Rightarrow C}\ \mathsf{weaken}
\qquad
\frac{\Gamma, A, A ; \Delta \Rightarrow C}{\Gamma, A ; \Delta \Rightarrow C}\ \mathsf{contract}
\]
However, analogously to our treatment of cut, we do not consider these rules to be judgemental, but rather engineer the logic so they are admissible.

Theorem 2.3. The rules "weaken" and "contract" are admissible.

Truth exponential We now extend the language of propositions with a new connective, $!$, to internalize the $\mathit{unr}$ and $\mathit{true}$ judgements in terms of $\mathit{res}$ and $\mathit{goal}$ respectively. The right and left rules of this connective are as follows:
\[
\frac{\Gamma \Rightarrow A\ \mathit{true}}{\Gamma ; \cdot \Rightarrow\ !A\ \mathit{goal}}\ !R
\qquad
\frac{\Gamma, A\ \mathit{unr} ; \Delta \Rightarrow C}{\Gamma ; \Delta, !A\ \mathit{res} \Rightarrow C}\ !L
\]
Keep in mind that the premiss of $!R$ actually is an abbreviation for $\Gamma ; \cdot \Rightarrow A\ \mathit{goal}$. These two derivations are represented syntactically as follows.
\[
!R(\mathcal{D} ; !A) \qquad !L(u.\,\mathcal{E} ; v : !A)
\]
The principal cut is, then:
\[
!R(\mathcal{D} ; !A) +_{u : !A} !L(v.\,\mathcal{E} ; u : !A) = \mathcal{D}\ +!_{v' : A}\ [v'/v]\mathcal{E}
\]
Per the usual convention, $v'$ is assumed to be fresh; also $+!$ is a representation of "cut!".

The inductive case of the identity principle is as follows:
\[
\frac{\dfrac{\dfrac{\dfrac{}{\Gamma, A ; A \Rightarrow A}\ \text{i.h.}}{\Gamma, A ; \cdot \Rightarrow A}\ \mathsf{copy}}{\Gamma, A ; \cdot \Rightarrow\ !A}\ !R}{\Gamma ; !A \Rightarrow\ !A}\ !L
\]


Embedding intuitionistic logic To illustrate the power of the new unrestricted resource judgement, we quickly present one embedding of natural (non-linear) intuitionistic logic into linear logic. Such embeddings can actually be done in a number of ways; we will sketch Girard's original embedding [42].

Definition 2.4 (Propositional intuitionistic logic). Propositions in intuitionistic logic are either atomic, or composed out of smaller propositions using the connectives $\wedge$, $\vee$ and $\supset$. Sequents in this logic have the shape $\Gamma \Rightarrow_I C$ with the following rules:
\[
\frac{}{\Gamma, p \Rightarrow_I p}\ \mathsf{init}
\qquad
\frac{\Gamma \Rightarrow_I A \qquad \Gamma \Rightarrow_I B}{\Gamma \Rightarrow_I A \wedge B}\ \wedge R
\qquad
\frac{\Gamma, A_1 \wedge A_2, A_i \Rightarrow_I C}{\Gamma, A_1 \wedge A_2 \Rightarrow_I C}\ \wedge L_i
\]
\[
\frac{\Gamma, A \Rightarrow_I B}{\Gamma \Rightarrow_I A \supset B}\ \supset R
\qquad
\frac{\Gamma, A \supset B \Rightarrow_I A \qquad \Gamma, A \supset B, B \Rightarrow_I C}{\Gamma, A \supset B \Rightarrow_I C}\ \supset L
\]
\[
\frac{\Gamma \Rightarrow_I A_i}{\Gamma \Rightarrow_I A_1 \vee A_2}\ \vee R_i
\qquad
\frac{\Gamma, A \vee B, A \Rightarrow_I C \qquad \Gamma, A \vee B, B \Rightarrow_I C}{\Gamma, A \vee B \Rightarrow_I C}\ \vee L
\]

Definition 2.5 (Girard embedding). The Girard embedding $(-)^\circ$ is defined on intuitionistic propositions hereditarily as follows:
\[
(p)^\circ = p \qquad (A \wedge B)^\circ = (A)^\circ \& (B)^\circ \qquad (A \supset B)^\circ = \,!(A)^\circ \multimap (B)^\circ \qquad (A \vee B)^\circ = \,!(A)^\circ \oplus\, !(B)^\circ
\]

Theorem 2.6 (Soundness of the Girard embedding). If $(\Gamma)^\circ ; \cdot \Rightarrow (C)^\circ$, then $\Gamma \Rightarrow_I C$.

Proof sketch [42]. Structural induction on the derivation of $(\Gamma)^\circ ; \cdot \Rightarrow (C)^\circ$. □


That this embedding is complete, and furthermore preserves the structure of proofs, is extremely easy to see.

Theorem 2.7 (Completeness of the Girard embedding). If $\Gamma \Rightarrow_I C$, then $(\Gamma)^\circ ; \cdot \Rightarrow (C)^\circ$.

Proof sketch [42]. Structural induction on the derivation of $\Gamma \Rightarrow_I C$. For every case of the final rule used in this derivation, an equivalent linear derivation can be found in the image of the embedding. The following is a characteristic example.
\[
\mathcal{D} = \frac{\mathcal{D}_1 :: \Gamma, A \vee B, A \Rightarrow_I C \qquad \mathcal{D}_2 :: \Gamma, A \vee B, B \Rightarrow_I C}{\Gamma, A \vee B \Rightarrow_I C}\ \vee L
\]
\[
\begin{array}{ll}
(\Gamma)^\circ, (A \vee B)^\circ, (A)^\circ ; \cdot \Rightarrow (C)^\circ & \text{i.h. on } \mathcal{D}_1 \\
(\Gamma)^\circ, (A \vee B)^\circ ; !(A)^\circ \Rightarrow (C)^\circ & !L \\
(\Gamma)^\circ, (A \vee B)^\circ ; !(B)^\circ \Rightarrow (C)^\circ & \text{similarly for } \mathcal{D}_2 \\
(\Gamma)^\circ, (A \vee B)^\circ ; (A \vee B)^\circ \Rightarrow (C)^\circ & \oplus L \\
(\Gamma)^\circ, (A \vee B)^\circ ; \cdot \Rightarrow (C)^\circ & \mathsf{copy} \qquad \square
\end{array}
\]


There are many other possible encodings of intuitionistic logic in linear logic. A large number of them were systematically investigated by Schellinx [106]; however, his work does not cover the full spectrum of possibilities of such embeddings. For example, it is possible to make the embedding focusing-aware, as we show in section 6.4.
2.1.3 Possibility

Our conclusions thus far have been of the form $A\ \mathit{goal}$, which is not sufficient to express negation or contradiction among the hypotheses. In the usual view of negation in intuitionistic logics, contradictory hypotheses describe a condition where an actual proof of the conclusion is unnecessary. Such a view violates linearity as such, as the construction of the goal must explicitly linearly consume every resource as part of its construction. One possible approach is to define negation $\neg A$ as $A \multimap 0$, as in Girard's translation from intuitionistic to classical linear logic, but then we give up all pretense of linearity, because $A\ \mathit{res}$ and $\neg A\ \mathit{res}$ can be used to construct any goal at all, destroying any linear considerations that might have been used for the rest of the hypotheses. In particular, we do not want weakening and contraction to suddenly become admissible for the linear resources if there is a contradiction.

For linear contradiction, therefore, we have to relax the conclusion $A\ \mathit{goal}$ to allow for some additional proofs, the understanding being that a proof of $A\ \mathit{poss}$ is either a proof of $A\ \mathit{goal}$, or a linear contradiction among the hypotheses. In the first case, where we actually have a proof of $A\ \mathit{goal}$, we obtain a new judgemental rule:
\[
\frac{\Gamma ; \Delta \Rightarrow A\ \mathit{goal}}{\Gamma ; \Delta \Rightarrow A\ \mathit{poss}}\ \mathsf{poss}
\]
Unlike truth, this is not a definition of $A\ \mathit{poss}$ because this rule is not invertible. Therefore, unlike truth, we keep $A\ \mathit{poss}$ as a new judgemental form on the right hand side. We do not, however, require a matching judgemental form on the left of the sequent arrow.

The use of a possible conclusion is defined in terms of a new cut principle.
\[
\frac{\Gamma ; \Delta \Rightarrow A\ \mathit{poss} \qquad \Gamma ; A\ \mathit{res} \Rightarrow C\ \mathit{poss}}{\Gamma ; \Delta \Rightarrow C\ \mathit{poss}}\ \mathsf{cut?}
\]
The justification for this form of the cut principle is as follows. Assume $A\ \mathit{poss}$; then, there may exist a contradiction among the resources $\Gamma ; \Delta$, in which case also $C\ \mathit{poss}$. On the other hand, we may have an actual proof of $A\ \mathit{goal}$; in this case, by the ordinary cut we get $C\ \mathit{goal}$, which also means $C\ \mathit{poss}$.
Possibility exponential The possibility judgement is internalised as the connective $?$ (read "why not"). Its right and left rules are as follows:
\[
\frac{\Gamma ; \Delta \Rightarrow A\ \mathit{poss}}{\Gamma ; \Delta \Rightarrow\ ?A\ \mathit{goal}}\ ?R
\qquad
\frac{\Gamma ; A\ \mathit{res} \Rightarrow C\ \mathit{poss}}{\Gamma ; ?A\ \mathit{res} \Rightarrow C\ \mathit{poss}}\ ?L
\]
The corresponding syntax for derivations is:
\[
?R(\mathcal{D} ; ?A) \qquad ?L(u.\,\mathcal{E} ; v : ?A)
\]
The principal cut for this connective is:
\[
?R(\mathcal{D} ; ?A) +_{u : ?A} ?L(v.\,\mathcal{E} ; u : ?A) = \mathcal{D}\ +?_{v' : A}\ [v'/v]\mathcal{E}
\]
Here, we use $+?$ to stand for uses of "cut?". The label $v'$ is fresh, per the usual convention.

Finally, the inductive case of the identity principle is:
\[
\frac{\dfrac{\dfrac{\dfrac{}{\Gamma ; A\ \mathit{res} \Rightarrow A\ \mathit{goal}}\ \text{i.h.}}{\Gamma ; A\ \mathit{res} \Rightarrow A\ \mathit{poss}}\ \mathsf{poss}}{\Gamma ; ?A\ \mathit{res} \Rightarrow A\ \mathit{poss}}\ ?L}{\Gamma ; ?A\ \mathit{res} \Rightarrow\ ?A\ \mathit{goal}}\ ?R
\]
Theorem 2.8. The "cut", "cut!", "cut?" and "identity" rules are admissible.

Linear contradiction What remains is to define linear contradiction in terms of this new possibility judgement. Recall that there is no right rule for $0\ \mathit{goal}$, so the only way to prove it is if the hypotheses contain a contradiction; however, the problem with $0\ \mathit{res}$ is that it destroys linearity of the resources. Using the "poss" and $?R$ rules, we can easily get from $0\ \mathit{goal}$ to $?0\ \mathit{goal}$. Consider $?0\ \mathit{res}$. The only way to use this resource with $?L$ is to force the linear zone to be empty except for the singleton resource $?0\ \mathit{res}$. Thus, even though $0\ \mathit{res}$ can break linearity, this property does not transfer over to $?0\ \mathit{res}$, thus giving us a means of restricting the "reach" of the contradiction. We thus obtain a way to define a linear negation: $\neg A$ defined as $A \multimap ?0$.

The important fact to note about this linear negation is that from $A\ \mathit{res}$ and $\neg A\ \mathit{res}$ we can conclude any $C\ \mathit{poss}$.
\[
\frac{\dfrac{}{\Gamma ; A\ \mathit{res} \Rightarrow A\ \mathit{goal}}\ \mathsf{identity} \qquad \dfrac{\dfrac{}{\Gamma ; 0\ \mathit{res} \Rightarrow C\ \mathit{poss}}\ 0L}{\Gamma ; ?0\ \mathit{res} \Rightarrow C\ \mathit{poss}}\ ?L}{\Gamma ; A\ \mathit{res}, \neg A\ \mathit{res} \Rightarrow C\ \mathit{poss}}\ \multimap L
\]
It would not be possible to conclude $\Gamma ; \Delta, A\ \mathit{res}, \neg A\ \mathit{res} \Rightarrow C\ \mathit{poss}$ for a non-empty $\Delta$, however. We thus obtain our required notion of contradiction that preserves linearity.

Laxity There is a closely related judgement of laxity that has arisen in the Concurrent Logical Framework (CLF) [117]. This judgement, $A\ \mathit{lax}$, is constructed out of monadic rather than modal considerations, and can be seen as a slightly more permissive form of possibility. Like possibility, this judgement is also defined in terms of its cut principle:
\[
\frac{\Gamma ; \Delta \Rightarrow A\ \mathit{lax} \qquad \Gamma ; \Delta', A\ \mathit{res} \Rightarrow C\ \mathit{lax}}{\Gamma ; \Delta, \Delta' \Rightarrow C\ \mathit{lax}}\ \mathsf{cut}_{\mathit{lax}}
\]
This judgement thus lacks sufficient strength to define linear contradiction. However, it has a practical application as a means of "staging" the computations in a monadic style. The laxity judgement is internalized as a connective, $\{A\}$, with the following judgemental, right and left rules.
\[
\frac{\Gamma ; \Delta \Rightarrow A\ \mathit{goal}}{\Gamma ; \Delta \Rightarrow A\ \mathit{lax}}\ \mathsf{lax}
\qquad
\frac{\Gamma ; \Delta \Rightarrow A\ \mathit{lax}}{\Gamma ; \Delta \Rightarrow \{A\}\ \mathit{goal}}\ \{\}R
\qquad
\frac{\Gamma ; \Delta \Rightarrow \{A\}\ \mathit{goal} \qquad \Gamma ; \Delta', A\ \mathit{res} \Rightarrow C\ \mathit{lax}}{\Gamma ; \Delta, \Delta' \Rightarrow C\ \mathit{lax}}\ \{\}L
\]
In this thesis, we shall not pursue the development of the laxity judgement in any more detail, favouring the possibility judgement instead. All statements made about the possibility judgement can be readily adapted for the laxity judgement.

Embedding classical linear logic Girard has shown that classical linear logic is more expressive than intuitionistic (non-linear) logic by giving a means of embedding the latter into the former [42]. In this section we briefly sketch an embedding of classical linear logic into intuitionistic linear logic, demonstrating the expressiveness of the possibility judgement. There are several well known translations from classical to intuitionistic logics, the most well known of them perhaps being the double-negation translation [38]. We use this idea in our case, using the definition of linear falsehood, $?0$, from the previous section.

First, we briefly sketch the classical sequent calculus, which we present in a two-sided dyadic fashion similar to Girard's logic of unity (LU) [43]. The propositional connectives include all the intuitionistic linear connectives, and in addition the multiplicative disjunction $⅋$, its unit $\bot$, and the "why not" exponential $?$. Classical sequents are written as $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi$ where $\Delta$ and $\Omega$ are linear and $\Gamma$ and $\Psi$ are unrestricted. The rules are shown below.


Judgemental
\[
\frac{}{\Gamma ; p \Rightarrow_c p ; \Psi}\ \mathsf{init}
\]

Multiplicative
\[
\frac{\Gamma ; \Delta \Rightarrow_c \Omega, A ; \Psi \qquad \Gamma ; \Delta' \Rightarrow_c \Omega', B ; \Psi}{\Gamma ; \Delta, \Delta' \Rightarrow_c \Omega, \Omega', A \otimes B ; \Psi}\ \otimes R
\qquad
\frac{\Gamma ; \Delta, A, B \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta, A \otimes B \Rightarrow_c \Omega ; \Psi}\ \otimes L
\]
\[
\frac{}{\Gamma ; \cdot \Rightarrow_c 1 ; \Psi}\ 1R
\qquad
\frac{\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta, 1 \Rightarrow_c \Omega ; \Psi}\ 1L
\]
\[
\frac{\Gamma ; \Delta \Rightarrow_c \Omega, A, B ; \Psi}{\Gamma ; \Delta \Rightarrow_c \Omega, A ⅋ B ; \Psi}\ ⅋R
\qquad
\frac{\Gamma ; \Delta, A \Rightarrow_c \Omega ; \Psi \qquad \Gamma ; \Delta', B \Rightarrow_c \Omega' ; \Psi}{\Gamma ; \Delta, \Delta', A ⅋ B \Rightarrow_c \Omega, \Omega' ; \Psi}\ ⅋L
\]
\[
\frac{\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta \Rightarrow_c \Omega, \bot ; \Psi}\ \bot R
\qquad
\frac{}{\Gamma ; \bot \Rightarrow_c \cdot ; \Psi}\ \bot L
\]
\[
\frac{\Gamma ; \Delta, A \Rightarrow_c \Omega, B ; \Psi}{\Gamma ; \Delta \Rightarrow_c \Omega, A \multimap B ; \Psi}\ \multimap R
\qquad
\frac{\Gamma ; \Delta \Rightarrow_c \Omega, A ; \Psi \qquad \Gamma ; \Delta', B \Rightarrow_c \Omega' ; \Psi}{\Gamma ; \Delta, \Delta', A \multimap B \Rightarrow_c \Omega, \Omega' ; \Psi}\ \multimap L
\]
\[
\frac{\Gamma ; \Delta, A \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta \Rightarrow_c \Omega, \neg A ; \Psi}\ \neg R
\qquad
\frac{\Gamma ; \Delta \Rightarrow_c \Omega, A ; \Psi}{\Gamma ; \Delta, \neg A \Rightarrow_c \Omega ; \Psi}\ \neg L
\]

Additive
\[
\frac{\Gamma ; \Delta \Rightarrow_c \Omega, A ; \Psi \qquad \Gamma ; \Delta \Rightarrow_c \Omega, B ; \Psi}{\Gamma ; \Delta \Rightarrow_c \Omega, A \& B ; \Psi}\ \& R
\qquad
\frac{\Gamma ; \Delta, A_i \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta, A_1 \& A_2 \Rightarrow_c \Omega ; \Psi}\ \& L_i
\]
\[
\frac{\Gamma ; \Delta \Rightarrow_c \Omega, A_i ; \Psi}{\Gamma ; \Delta \Rightarrow_c \Omega, A_1 \oplus A_2 ; \Psi}\ \oplus R_i
\qquad
\frac{\Gamma ; \Delta, A \Rightarrow_c \Omega ; \Psi \qquad \Gamma ; \Delta, B \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta, A \oplus B \Rightarrow_c \Omega ; \Psi}\ \oplus L
\]
\[
\frac{}{\Gamma ; \Delta \Rightarrow_c \Omega, \top ; \Psi}\ \top R
\qquad
\frac{}{\Gamma ; \Delta, 0 \Rightarrow_c \Omega ; \Psi}\ 0L
\]

Exponential
\[
\frac{\Gamma ; \cdot \Rightarrow_c A ; \Psi}{\Gamma ; \cdot \Rightarrow_c\ !A ; \Psi}\ !R
\qquad
\frac{\Gamma, A ; \Delta \Rightarrow_c \Omega ; \Psi}{\Gamma ; \Delta, !A \Rightarrow_c \Omega ; \Psi}\ !L
\]
\[
\frac{\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi, A}{\Gamma ; \Delta \Rightarrow_c \Omega, ?A ; \Psi}\ ?R
\qquad
\frac{\Gamma ; A \Rightarrow_c \cdot ; \Psi}{\Gamma ; ?A \Rightarrow_c \cdot ; \Psi}\ ?L
\]
This presentation of the calculus has the following nice property: weakening and contraction of the unrestricted resources are structural theorems, and cut is admissible.

Theorem 2.9 (Structural theorems).

1. If $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi$, then $\Gamma, \Gamma' ; \Delta \Rightarrow_c \Omega ; \Psi, \Psi'$. (weakening)

2. If $\Gamma, A, A ; \Delta \Rightarrow_c \Omega ; \Psi$, then $\Gamma, A ; \Delta \Rightarrow_c \Omega ; \Psi$. Similarly, if $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi, A, A$, then $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi, A$. (contraction)

3. The following are cases of cut.

(a) If $\Gamma ; \Delta \Rightarrow_c \Omega, A ; \Psi$ and $\Gamma ; \Delta', A \Rightarrow_c \Omega' ; \Psi$, then $\Gamma ; \Delta, \Delta' \Rightarrow_c \Omega, \Omega' ; \Psi$.

(b) If $\Gamma ; \cdot \Rightarrow_c A ; \Psi$ and $\Gamma, A ; \Delta \Rightarrow_c \Omega ; \Psi$, then $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi$.

(c) If $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi, A$ and $\Gamma ; A \Rightarrow_c \cdot ; \Psi$, then $\Gamma ; \Delta \Rightarrow_c \Omega ; \Psi$.

Proof. Weakening and contraction are shown by induction on the given derivations. Cut is shown by lexicographic induction on the three forms of cut. The details of these proofs can be found in [93]. □

Being a classical logic, this sequent calculus admits more proofs than the corresponding intuitionistic sequent calculus on the intuitionistic subset.

Definition 2.10 (Intuitionistic restriction). The intuitionistic fragment of the classical sequent calculus, written using the sequent arrow $\Rightarrow_{ci}$, is that fragment of the classical sequent calculus that uses only the connectives $\{\otimes, 1, \multimap, \&, \top, \oplus, 0, !\}$ and has a singleton right-hand side, i.e., of the form $A ; \cdot$ or $\cdot ; A$.

Theorem 2.11 (Intuitionistic linear logic is a fragment of classical linear logic).

1. $\Gamma ; \Delta \Rightarrow_{ci} A ; \cdot$ if and only if $\Gamma ; \Delta \Rightarrow A\ \mathit{goal}$.

2. $\Gamma ; \Delta \Rightarrow_{ci} \cdot ; A$ if and only if $\Gamma ; \Delta \Rightarrow A\ \mathit{poss}$.

Proof. We use structural induction on the given derivation in either case. □

For the double negation translation we make a syntactic definition of negation, and then translate classical propositions into intuitionistic propositions, using the defined negation to handle the classical connectives that are not present in the image.
Definition 2.12 (Double negation translation). Write $\sim A$ for $A \multimap ?0$. The translation of classical to intuitionistic linear propositions, written $[\![-]\!]$, is as follows:
\[
\begin{array}{rcl@{\qquad}rcl}
{[\![p]\!]} &=& p \\
{[\![A \otimes B]\!]} &=& \sim\sim[\![A]\!] \otimes \sim\sim[\![B]\!] & {[\![1]\!]} &=& 1 \\
{[\![A ⅋ B]\!]} &=& \sim(\sim[\![A]\!] \otimes \sim[\![B]\!]) & {[\![\bot]\!]} &=& \sim 1 \\
{[\![A \multimap B]\!]} &=& \sim\sim[\![A]\!] \multimap \sim\sim[\![B]\!] \\
{[\![\neg A]\!]} &=& \sim\sim[\![A]\!] \multimap \sim 1 \\
{[\![A \& B]\!]} &=& \sim\sim[\![A]\!] \& \sim\sim[\![B]\!] & {[\![\top]\!]} &=& \top \\
{[\![A \oplus B]\!]} &=& \sim\sim[\![A]\!] \oplus \sim\sim[\![B]\!] & {[\![0]\!]} &=& 0 \\
{[\![\,!A]\!]} &=& !\sim\sim[\![A]\!] \\
{[\![\,?A]\!]} &=& \sim\,!\sim[\![A]\!]
\end{array}
\]
This definition is generalised to collections of propositions, contexts, and sequents in the usual point-wise manner.

The only novelty in this definition is the use of $!$ in the translation of $?A$ rather than the intuitionistic $?$ modal operator. The reason for this choice is that the semantics of the classical $?$ do not match up precisely with that of the intuitionistic case because of the additional modal nature in the latter.

The  following  is  the  key  lemma  necessary  for  proving  the  embedding  theorem. 

Lemma 2.13.

1. $\Gamma ; \Delta \Longrightarrow A$ if and only if $\Gamma ; \Delta, {\sim}A \Longrightarrow {?}0$.

2. $\Gamma ; \Delta, A \Longrightarrow {?}0$ if and only if $\Gamma ; \Delta, {\sim}{\sim}A \Longrightarrow {?}0$.

Proof. For (1) use $\multimap$L with the given sequent and the sequent $\Gamma ; {?}0 \Longrightarrow {?}0$ (using the identity principle) as premisses. For (2), in the forward direction use $\multimap$R and part (1); in the reverse direction note that $\Gamma ; A \Longrightarrow {\sim}{\sim}A$ is derivable:

\[
\dfrac{\dfrac{\dfrac{}{\Gamma ; A \Longrightarrow A}\ \text{identity}}{\Gamma ; A, {\sim}A \Longrightarrow {?}0}\ \text{part (1)}}{\Gamma ; A \Longrightarrow {\sim}{\sim}A}\ {\multimap}\text{R}
\]

Then apply cut (theorems 2.8 and 2.21). □


Given  a  context  A,  we  represent  by  ~  A  the  context  where  every  proposition  in  A  is 
affixed  with  ~. 
Theorem 2.14 (Preservation). If $\Gamma ; \Delta \Longrightarrow_{\mathrm{cl}} \Omega ; \Psi$, then $\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket \Longrightarrow {?}0$.


Proof. By structural induction on the derivation $\mathcal{C} :: \Gamma ; \Delta \Longrightarrow_{\mathrm{cl}} \Omega ; \Psi$. The following are a few representative cases.

Case $\mathcal{C} = \dfrac{}{\Gamma ; p \Longrightarrow_{\mathrm{cl}} p ; \Psi}\ \text{init}$.

\begin{align*}
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; p \Longrightarrow p & &\text{init} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; p, {\sim}p \Longrightarrow {?}0 & &\text{lem. 2.13}
\end{align*}

Case. The last rule in $\mathcal{C}$ is a multiplicative rule, say:

\[
\mathcal{C} = \dfrac{\mathcal{C}_1 :: \Gamma ; \Delta \Longrightarrow_{\mathrm{cl}} \Omega, A ; \Psi \qquad \mathcal{C}_2 :: \Gamma ; \Delta' \Longrightarrow_{\mathrm{cl}} \Omega', B ; \Psi}{\Gamma ; \Delta, \Delta' \Longrightarrow_{\mathrm{cl}} \Omega, \Omega', A \otimes B ; \Psi}\ {\otimes}\text{R}
\]

\begin{align*}
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket, {\sim}\llbracket A \rrbracket \Longrightarrow {?}0 & &\text{i.h. on } \mathcal{C}_1 \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket \Longrightarrow {\sim}{\sim}\llbracket A \rrbracket & &{\multimap}\text{R} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta' \rrbracket, {\sim}\llbracket \Omega' \rrbracket \Longrightarrow {\sim}{\sim}\llbracket B \rrbracket & &\text{similarly for } \mathcal{C}_2 \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta, \Delta' \rrbracket, {\sim}\llbracket \Omega, \Omega' \rrbracket \Longrightarrow \llbracket A \otimes B \rrbracket & &{\otimes}\text{R} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta, \Delta' \rrbracket, {\sim}\llbracket \Omega, \Omega' \rrbracket, {\sim}\llbracket A \otimes B \rrbracket \Longrightarrow {?}0 & &\text{lem. 2.13}
\end{align*}

Case. The principal formula in the last rule in $\mathcal{C}$ uses a connective specific to classical linear logic. For example, consider $\bot$R:

\[
\mathcal{C} = \dfrac{\mathcal{C}' :: \Gamma ; \Delta \Longrightarrow_{\mathrm{cl}} \Omega ; \Psi}{\Gamma ; \Delta \Longrightarrow_{\mathrm{cl}} \Omega, \bot ; \Psi}\ {\bot}\text{R}
\]

\begin{align*}
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket \Longrightarrow {?}0 & &\text{i.h. on } \mathcal{C}' \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket, 1 \Longrightarrow {?}0 & &1\text{L} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket \Longrightarrow \llbracket \bot \rrbracket & &{\multimap}\text{R} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket, {\sim}\llbracket \bot \rrbracket \Longrightarrow {?}0 & &\text{lem. 2.13}
\end{align*}

Case. The principal formula in the last rule of $\mathcal{C}$ uses the classical ${?}$. For example:

\[
\mathcal{C} = \dfrac{\mathcal{C}' :: \Gamma ; A \Longrightarrow_{\mathrm{cl}} \cdot ; \Psi}{\Gamma ; {?}A \Longrightarrow_{\mathrm{cl}} \cdot ; \Psi}\ {?}\text{L}
\]

\begin{align*}
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket A \rrbracket \Longrightarrow {?}0 & &\text{i.h. on } \mathcal{C}' \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \cdot \Longrightarrow {\sim}\llbracket A \rrbracket & &{\multimap}\text{R} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \cdot \Longrightarrow {!}{\sim}\llbracket A \rrbracket & &{!}\text{R} \\
&\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket {?}A \rrbracket \Longrightarrow {?}0 & &\text{lem. 2.13}
\end{align*}

The case for ${?}$R is similar. □

Thus, every classical proof has an interpretation as an intuitionistic proof. To complete the embedding, we need to show that it is meaning-preserving, i.e., that every intuitionistically valid sequent in the image of the translation is also classically valid.

Theorem 2.15 (Soundness). If $\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket \Longrightarrow {?}0$ then $\Gamma ; \Delta \Longrightarrow_{\mathrm{cl}} \Omega ; \Psi$.

Proof sketch. Since every intuitionistic proof is also a classical proof, by lem. 2.13 we conclude that $\llbracket \Gamma \rrbracket, {\sim}\llbracket \Psi \rrbracket ; \llbracket \Delta \rrbracket, {\sim}\llbracket \Omega \rrbracket \Longrightarrow_{\mathrm{cl}} {?}0 ; \cdot$. We then use the fact that classically ${?}0 \equiv \bot$, i.e., ${\sim}A \equiv \neg A$, to conclude that $\llbracket \Gamma \rrbracket ; \llbracket \Delta \rrbracket \Longrightarrow_{\mathrm{cl}} \llbracket \Omega \rrbracket ; \llbracket \Psi \rrbracket$. Finally, we note that the $\llbracket - \rrbracket$ translation is an equivalence for classical linear logic (i.e., both $\cdot ; \llbracket A \rrbracket \Longrightarrow_{\mathrm{cl}} A ; \cdot$ and $\cdot ; A \Longrightarrow_{\mathrm{cl}} \llbracket A \rrbracket ; \cdot$ may be shown). □


One direct consequence of this embedding is that we can reason about classical linear theories in translation into our intuitionistic setting. The proofs that we obtain in this fashion are not only intuitionistic proofs but also manifestly classically valid, because the translation is an equivalence in classical logic. However, intuitionistic proof search in the image of the translation may not be as efficient as a direct classical proof search because the space of possible proofs is much larger in the latter case. In principle, however, we lose no expressivity in restricting ourselves to intuitionistic linear logic extended with the possibility judgement.

The translation outlined in this section is a specific instance of the parametric double negation translation due to Friedman [38], extended to the linear setting, where the parameter is instantiated to be ${?}0$. In a recent work [27] we have extended Friedman's idea to linear logic and shown that choices of the parameter other than ${?}0$ yield surprising results. For example, the linear MIX rules due to Girard [42] can be modelled in the translation by selecting $1$ for the parameter, giving a judgemental explanation for a calculus that supports such rules.


2.1.4  First-order  quantification 

The  language  of  propositions  thus  far  has  been  propositional.  In  this  section  we  shall 
extend  them  with  first-order  quantification  (V  and  3).  The  quantifiers  range  over  the 
following  simple  language  of  untyped  terms. 
\[
(\text{terms}) \quad s, t, \ldots ::= x \mid f(t_1, t_2, \ldots, t_n)
\]

where $x$ ranges over a countably infinite set of variables, and $f$ over a collection of function symbols. As usual, constants are treated as nullary functions. Atomic predicates are extended to be predicates over these terms; that is, they are of the form $p(t_1, t_2, \ldots, t_n)$. A list of terms will be written using a vector notation, $\vec{t}$.

Initial sequents are of the form $\Gamma ; u : p(\vec{t})\ \mathit{res} \Longrightarrow p(\vec{t})\ \mathit{goal}$. The right and left rules for the quantifiers are as follows:

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow [a/x]A\ \mathit{goal}}{{\forall}\text{R}(a.\ \mathcal{D} ; \forall x. A) :: \Gamma ; \Delta \Longrightarrow \forall x. A\ \mathit{goal}}\ {\forall}\text{R}^a
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : [t/x]A\ \mathit{res} \Longrightarrow J}{{\forall}\text{L}(u.\ \mathcal{D}, t ; v : \forall x. A) :: \Gamma ; \Delta, v : \forall x. A\ \mathit{res} \Longrightarrow J}\ {\forall}\text{L}
\]

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow [t/x]A\ \mathit{goal}}{{\exists}\text{R}(\mathcal{D}, t ; \exists x. A) :: \Gamma ; \Delta \Longrightarrow \exists x. A\ \mathit{goal}}\ {\exists}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : [a/x]A\ \mathit{res} \Longrightarrow J}{{\exists}\text{L}(a.\ u.\ \mathcal{D} ; v : \exists x. A) :: \Gamma ; \Delta, v : \exists x. A\ \mathit{res} \Longrightarrow J}\ {\exists}\text{L}^a
\]

For ${\forall}$R and ${\exists}$L, the term $a$ represents a parameter, i.e., a variable that appears nowhere in the conclusion of the rule.

The principal cuts are immediate for the quantifiers.

\begin{align*}
{\forall}\text{R}(a.\ \mathcal{D} ; \forall x. A) \mathbin{+}_{u : \forall x. A} {\forall}\text{L}(v.\ \mathcal{E}, t ; u : \forall x. A) &= [t/a]\mathcal{D} \mathbin{+}_{v' : [t/x]A} [v'/v]\mathcal{E} \\
{\exists}\text{R}(\mathcal{D}, t ; \exists x. A) \mathbin{+}_{u : \exists x. A} {\exists}\text{L}(a.\ v.\ \mathcal{E} ; u : \exists x. A) &= \mathcal{D} \mathbin{+}_{v' : [t/x]A} [v'/v][t/a]\mathcal{E}
\end{align*}

Per usual convention, the label $v'$ is taken to be fresh. The inductive cases of the identity principle are straightforward.

\[
\dfrac{\dfrac{\Gamma ; [a/x]A \Longrightarrow [a/x]A}{\Gamma ; \forall x. A \Longrightarrow [a/x]A}\ {\forall}\text{L}}{\Gamma ; \forall x. A \Longrightarrow \forall x. A}\ {\forall}\text{R}^a
\qquad
\dfrac{\dfrac{\Gamma ; [a/x]A \Longrightarrow [a/x]A}{\Gamma ; [a/x]A \Longrightarrow \exists x. A}\ {\exists}\text{R}}{\Gamma ; \exists x. A \Longrightarrow \exists x. A}\ {\exists}\text{L}^a
\]

2.1.5  Summary  of  the  formal  system 

Propositions are formed out of the following grammar.

\begin{align*}
(\text{terms}) \quad s, t, \ldots &::= x & &(\text{variables}) \\
&\;\mid\; f(t_1, t_2, \ldots, t_n) & &(\text{functions}) \\[4pt]
(\text{propositions}) \quad A, B, \ldots &::= p(t_1, t_2, \ldots, t_n) & &(\text{atomic}) \\
&\;\mid\; A \otimes B \mid 1 & &(\text{multiplicative conjunction and unit}) \\
&\;\mid\; A \multimap B & &(\text{linear implication}) \\
&\;\mid\; A \mathbin{\&} B \mid \top & &(\text{additive conjunction and unit}) \\
&\;\mid\; A \oplus B \mid 0 & &(\text{additive disjunction and unit}) \\
&\;\mid\; {!}A \mid {?}A & &(\text{exponential}) \\
&\;\mid\; \forall x. A \mid \exists x. A & &(\text{ordinary quantifiers})
\end{align*}

Sequents with their derivations have the following form:

\[
\mathcal{D} :: \underbrace{u_1 : (A_1\ \mathit{unr}), \ldots, u_m : (A_m\ \mathit{unr})}_{\Gamma} ; \underbrace{v_1 : (B_1\ \mathit{res}), \ldots, v_n : (B_n\ \mathit{res})}_{\Delta} \Longrightarrow \underbrace{\begin{cases} C\ \mathit{goal} \\ C\ \mathit{poss} \end{cases}}_{J}
\]

The judgemental labels $\mathit{unr}$, $\mathit{res}$ and $\mathit{goal}$ are suppressed except when relevant. $\mathcal{D}$ is the derivation, whose grammar will be presented together with the rules of the calculus.


Judgemental rules

\[
\dfrac{}{\mathsf{init}(u : p(\vec{t})) :: \Gamma ; u : p(\vec{t}) \Longrightarrow p(\vec{t})}\ \text{init}
\qquad
\dfrac{\mathcal{D} :: \Gamma, v : A ; \Delta, u : A \Longrightarrow J}{\mathsf{copy}(u.\ \mathcal{D} ; v : A) :: \Gamma, v : A ; \Delta \Longrightarrow J}\ \text{copy}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A\ \mathit{goal}}{\mathsf{poss}(\mathcal{D}) :: \Gamma ; \Delta \Longrightarrow A\ \mathit{poss}}\ \text{poss}
\]

Multiplicative rules

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A \qquad \mathcal{D}' :: \Gamma ; \Delta' \Longrightarrow B}{{\otimes}\text{R}(\mathcal{D}, \mathcal{D}' ; A \otimes B) :: \Gamma ; \Delta, \Delta' \Longrightarrow A \otimes B}\ {\otimes}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : A, v : B \Longrightarrow J}{{\otimes}\text{L}(u.\ v.\ \mathcal{D} ; w : A \otimes B) :: \Gamma ; \Delta, w : A \otimes B \Longrightarrow J}\ {\otimes}\text{L}
\]

\[
\dfrac{}{1\text{R} :: \Gamma ; \cdot \Longrightarrow 1}\ 1\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow J}{1\text{L}(\mathcal{D} ; u : 1) :: \Gamma ; \Delta, u : 1 \Longrightarrow J}\ 1\text{L}
\]

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : A \Longrightarrow B}{{\multimap}\text{R}(u.\ \mathcal{D} ; A \multimap B) :: \Gamma ; \Delta \Longrightarrow A \multimap B}\ {\multimap}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A \qquad \mathcal{D}' :: \Gamma ; \Delta', u : B \Longrightarrow J}{{\multimap}\text{L}(\mathcal{D}, u.\ \mathcal{D}' ; v : A \multimap B) :: \Gamma ; \Delta, \Delta', v : A \multimap B \Longrightarrow J}\ {\multimap}\text{L}
\]

Additive rules

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A \qquad \mathcal{D}' :: \Gamma ; \Delta \Longrightarrow B}{{\&}\text{R}(\mathcal{D}, \mathcal{D}' ; A \mathbin{\&} B) :: \Gamma ; \Delta \Longrightarrow A \mathbin{\&} B}\ {\&}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : A_i \Longrightarrow J}{{\&}\text{L}_i(u.\ \mathcal{D} ; v : A_1 \mathbin{\&} A_2) :: \Gamma ; \Delta, v : A_1 \mathbin{\&} A_2 \Longrightarrow J}\ {\&}\text{L}_i \quad (i \in \{1, 2\})
\]

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A_i}{{\oplus}\text{R}_i(\mathcal{D} ; A_1 \oplus A_2) :: \Gamma ; \Delta \Longrightarrow A_1 \oplus A_2}\ {\oplus}\text{R}_i \quad (i \in \{1, 2\})
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : A \Longrightarrow J \qquad \mathcal{D}' :: \Gamma ; \Delta, v : B \Longrightarrow J}{{\oplus}\text{L}(u.\ \mathcal{D}, v.\ \mathcal{D}' ; w : A \oplus B) :: \Gamma ; \Delta, w : A \oplus B \Longrightarrow J}\ {\oplus}\text{L}
\]

\[
\dfrac{}{{\top}\text{R} :: \Gamma ; \Delta \Longrightarrow \top}\ {\top}\text{R}
\qquad
\dfrac{}{0\text{L}(u : 0) :: \Gamma ; \Delta, u : 0 \Longrightarrow J}\ 0\text{L}
\]

Exponentials

\[
\dfrac{\mathcal{D} :: \Gamma ; \cdot \Longrightarrow A}{{!}\text{R}(\mathcal{D} ; {!}A) :: \Gamma ; \cdot \Longrightarrow {!}A}\ {!}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma, u : A ; \Delta \Longrightarrow J}{{!}\text{L}(u.\ \mathcal{D} ; v : {!}A) :: \Gamma ; \Delta, v : {!}A \Longrightarrow J}\ {!}\text{L}
\]

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A\ \mathit{poss}}{{?}\text{R}(\mathcal{D} ; {?}A) :: \Gamma ; \Delta \Longrightarrow {?}A}\ {?}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; u : A \Longrightarrow C\ \mathit{poss}}{{?}\text{L}(u.\ \mathcal{D} ; v : {?}A) :: \Gamma ; v : {?}A \Longrightarrow C\ \mathit{poss}}\ {?}\text{L}
\]

Quantifiers

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow [a/x]A}{{\forall}\text{R}(a.\ \mathcal{D} ; \forall x. A) :: \Gamma ; \Delta \Longrightarrow \forall x. A}\ {\forall}\text{R}^a
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : [t/x]A \Longrightarrow J}{{\forall}\text{L}(u.\ \mathcal{D}, t ; v : \forall x. A) :: \Gamma ; \Delta, v : \forall x. A \Longrightarrow J}\ {\forall}\text{L}
\]

\[
\dfrac{\mathcal{D} :: \Gamma ; \Delta \Longrightarrow [t/x]A}{{\exists}\text{R}(\mathcal{D}, t ; \exists x. A) :: \Gamma ; \Delta \Longrightarrow \exists x. A}\ {\exists}\text{R}
\qquad
\dfrac{\mathcal{D} :: \Gamma ; \Delta, u : [a/x]A \Longrightarrow J}{{\exists}\text{L}(a.\ u.\ \mathcal{D} ; v : \exists x. A) :: \Gamma ; \Delta, v : \exists x. A \Longrightarrow J}\ {\exists}\text{L}^a
\]

Definition 2.16.

1. The free labels in a derivation $\mathcal{D}$, written $\mathsf{fl}(\mathcal{D})$, are as follows:

\begin{align*}
\mathsf{fl}(\mathsf{init}(u : p(\vec t))) &= \{u\} & \mathsf{fl}(\mathsf{poss}(\mathcal{D})) &= \mathsf{fl}(\mathcal{D}) \\
\mathsf{fl}(\mathsf{copy}(u.\ \mathcal{D} ; v : A)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \\
\mathsf{fl}({\otimes}\text{R}(\mathcal{D}_1, \mathcal{D}_2 ; A \otimes B)) &= \mathsf{fl}(\mathcal{D}_1) \cup \mathsf{fl}(\mathcal{D}_2) & \mathsf{fl}(1\text{R}) &= \emptyset \\
\mathsf{fl}({\otimes}\text{L}(u.\ v.\ \mathcal{D} ; w : A \otimes B)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u, v\} \cup \{w\} & \mathsf{fl}(1\text{L}(\mathcal{D} ; u : 1)) &= \mathsf{fl}(\mathcal{D}) \cup \{u\} \\
\mathsf{fl}({\multimap}\text{R}(u.\ \mathcal{D} ; A \multimap B)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \\
\mathsf{fl}({\multimap}\text{L}(\mathcal{D}, u.\ \mathcal{D}' ; v : A \multimap B)) &= \mathsf{fl}(\mathcal{D}) \cup \mathsf{fl}(\mathcal{D}') \setminus \{u\} \cup \{v\} \\
\mathsf{fl}({\&}\text{R}(\mathcal{D}_1, \mathcal{D}_2 ; A \mathbin{\&} B)) &= \mathsf{fl}(\mathcal{D}_1) \cup \mathsf{fl}(\mathcal{D}_2) & \mathsf{fl}({\top}\text{R}) &= \emptyset \\
\mathsf{fl}({\&}\text{L}_i(u.\ \mathcal{D} ; v : A_1 \mathbin{\&} A_2)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \cup \{v\} \\
\mathsf{fl}({\oplus}\text{R}_i(\mathcal{D} ; A_1 \oplus A_2)) &= \mathsf{fl}(\mathcal{D}) & \mathsf{fl}(0\text{L}(u : 0)) &= \{u\} \\
\mathsf{fl}({\oplus}\text{L}(u.\ \mathcal{D}, v.\ \mathcal{D}' ; w : A \oplus B)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \cup \mathsf{fl}(\mathcal{D}') \setminus \{v\} \cup \{w\} \\
\mathsf{fl}({!}\text{R}(\mathcal{D} ; {!}A)) &= \mathsf{fl}(\mathcal{D}) & \mathsf{fl}({!}\text{L}(u.\ \mathcal{D} ; v : {!}A)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \cup \{v\} \\
\mathsf{fl}({?}\text{R}(\mathcal{D} ; {?}A)) &= \mathsf{fl}(\mathcal{D}) & \mathsf{fl}({?}\text{L}(u.\ \mathcal{D} ; v : {?}A)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \cup \{v\} \\
\mathsf{fl}({\forall}\text{R}(a.\ \mathcal{D} ; \forall x. A)) &= \mathsf{fl}(\mathcal{D}) & \mathsf{fl}({\forall}\text{L}(u.\ \mathcal{D}, t ; v : \forall x. A)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \cup \{v\} \\
\mathsf{fl}({\exists}\text{R}(\mathcal{D}, t ; \exists x. A)) &= \mathsf{fl}(\mathcal{D}) & \mathsf{fl}({\exists}\text{L}(a.\ u.\ \mathcal{D} ; v : \exists x. A)) &= \mathsf{fl}(\mathcal{D}) \setminus \{u\} \cup \{v\}
\end{align*}

Theorem 2.17 (Structural properties).

1. If $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow J$, then $\mathcal{D} :: \Gamma, \Gamma' ; \Delta \Longrightarrow J$. (weakening)

2. If $\mathcal{D} :: \Gamma, u : A, v : A ; \Delta \Longrightarrow J$, then $[u/v]\mathcal{D} :: \Gamma, u : A ; \Delta \Longrightarrow J$. (contraction)

Proof. By induction on the structure of $\mathcal{D}$ in each case. □

We shall present the identity principle using a computational procedure that constructs the identity derivation, and then prove that the constructed derivation is a valid derivation for the identity.

Definition 2.18 (Identity computation). We define the operation "id" from labelled propositions to sequent derivations, hereditarily, using the following equations.

\begin{align*}
\mathsf{id}(u : p(\vec t)) &= \mathsf{init}(u : p(\vec t)) \\
\mathsf{id}(u : A \otimes B) &= {\otimes}\text{L}(v.\ w.\ {\otimes}\text{R}(\mathsf{id}(v : A), \mathsf{id}(w : B) ; A \otimes B) ; u : A \otimes B) \\
\mathsf{id}(u : 1) &= 1\text{L}(1\text{R} ; u : 1) \\
\mathsf{id}(u : A \multimap B) &= {\multimap}\text{R}(v.\ {\multimap}\text{L}(\mathsf{id}(v : A), w.\ \mathsf{id}(w : B) ; u : A \multimap B) ; A \multimap B) \\
\mathsf{id}(u : A \mathbin{\&} B) &= {\&}\text{R}({\&}\text{L}_1(v_1.\ \mathsf{id}(v_1 : A) ; u : A \mathbin{\&} B), {\&}\text{L}_2(v_2.\ \mathsf{id}(v_2 : B) ; u : A \mathbin{\&} B) ; A \mathbin{\&} B) \\
\mathsf{id}(u : \top) &= {\top}\text{R} \\
\mathsf{id}(u : A \oplus B) &= {\oplus}\text{L}(v.\ {\oplus}\text{R}_1(\mathsf{id}(v : A) ; A \oplus B), w.\ {\oplus}\text{R}_2(\mathsf{id}(w : B) ; A \oplus B) ; u : A \oplus B) \\
\mathsf{id}(u : 0) &= 0\text{L}(u : 0) \\
\mathsf{id}(u : {!}A) &= {!}\text{L}(v.\ {!}\text{R}(\mathsf{copy}(w.\ \mathsf{id}(w : A) ; v : A) ; {!}A) ; u : {!}A) \\
\mathsf{id}(u : {?}A) &= {?}\text{R}({?}\text{L}(v.\ \mathsf{poss}(\mathsf{id}(v : A)) ; u : {?}A) ; {?}A) \\
\mathsf{id}(u : \forall x. A) &= {\forall}\text{R}(a.\ {\forall}\text{L}(v.\ \mathsf{id}(v : [a/x]A), a ; u : \forall x. A) ; \forall x. A) \\
\mathsf{id}(u : \exists x. A) &= {\exists}\text{L}(a.\ v.\ {\exists}\text{R}(\mathsf{id}(v : [a/x]A), a ; \exists x. A) ; u : \exists x. A)
\end{align*}

Theorem 2.19 (Identity principle). For any proposition $A$ and context $\Gamma$, we have $\mathsf{id}(u : A) :: \Gamma ; u : A \Longrightarrow A$.

Proof. Induction on the structure of $A$, using definition 2.18 as appropriate. The following is a representative example.

\[
\dfrac{\dfrac{\mathsf{id}(v : A) :: \Gamma ; v : A \Longrightarrow A \qquad \mathsf{id}(w : B) :: \Gamma ; w : B \Longrightarrow B}{{\otimes}\text{R}(\mathsf{id}(v : A), \mathsf{id}(w : B) ; A \otimes B) :: \Gamma ; v : A, w : B \Longrightarrow A \otimes B}}{{\otimes}\text{L}(v.\ w.\ {\otimes}\text{R}(\mathsf{id}(v : A), \mathsf{id}(w : B) ; A \otimes B) ; u : A \otimes B) :: \Gamma ; u : A \otimes B \Longrightarrow A \otimes B} \qquad \square
\]
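Definitions 2.16 and 2.18 together, as an added example that is not part of the thesis: the identity computation id(u:A) building a derivation term, and the free-label function fl run over the result. The check it performs is that the derivation returned for a proposition A has exactly {u} free, which is consistent with the endsequent Γ; u:A ⇒ A of Theorem 2.19. The tuple encoding of derivations and propositions, the fresh-label generator and the function names are assumptions of the example.

```python
# Added example (not from the thesis): derivations as tuples, fl of
# Definition 2.16 and id of Definition 2.18.  Propositions are tuples such
# as ("⊗", A, B), ("!", A), ("∀", "x", A) and ("atom", "p", ("x", "y"));
# labels, parameters and terms are plain strings (assumed encoding).
import itertools

_counter = itertools.count()

def fresh(base="v"):
    """A label or parameter name not used elsewhere in this run."""
    return f"{base}{next(_counter)}"

def subst(t, x, A):
    """[t/x]A: replace the term variable x by the term t inside A."""
    tag = A[0]
    if tag == "atom":
        return ("atom", A[1], tuple(t if s == x else s for s in A[2]))
    if tag in ("∀", "∃"):                  # stop at a binder for the same x
        return A if A[1] == x else (tag, A[1], subst(t, x, A[2]))
    return (tag,) + tuple(subst(t, x, B) for B in A[1:])

def fl(d):
    """Free labels of a derivation, clause by clause as in Definition 2.16."""
    tag = d[0]
    if tag in ("init", "0L"):
        return {d[1]}
    if tag in ("1R", "⊤R"):
        return set()
    if tag in ("poss", "!R", "?R", "⊕R", "∀R", "∃R"):   # one subderivation, set unchanged
        return fl(next(x for x in d[1:] if isinstance(x, tuple)))
    if tag in ("⊗R", "&R"):
        return fl(d[1]) | fl(d[2])
    if tag == "copy":                       # ("copy", u, D, v)  ~ copy(u. D; v:A)
        return fl(d[2]) - {d[1]}
    if tag == "⊗L":                         # ("⊗L", u, v, D, w)
        return (fl(d[3]) - {d[1], d[2]}) | {d[4]}
    if tag == "1L":                         # ("1L", D, u)
        return fl(d[1]) | {d[2]}
    if tag == "⊸R":                         # ("⊸R", u, D)
        return fl(d[2]) - {d[1]}
    if tag == "⊸L":                         # ("⊸L", D, u, D', v)
        return fl(d[1]) | (fl(d[3]) - {d[2]}) | {d[4]}
    if tag == "&L":                         # ("&L", i, u, D, v)
        return (fl(d[3]) - {d[2]}) | {d[4]}
    if tag == "⊕L":                         # ("⊕L", u, D, v, D', w)
        return (fl(d[2]) - {d[1]}) | (fl(d[4]) - {d[3]}) | {d[5]}
    if tag in ("!L", "?L"):                 # ("!L", u, D, v), ("?L", u, D, v)
        return (fl(d[2]) - {d[1]}) | {d[3]}
    if tag == "∀L":                         # ("∀L", u, D, t, v)
        return (fl(d[2]) - {d[1]}) | {d[4]}
    if tag == "∃L":                         # ("∃L", a, u, D, v)
        return (fl(d[3]) - {d[2]}) | {d[4]}
    raise ValueError(tag)

def ident(u, A):
    """id(u:A), Definition 2.18: the identity derivation, built hereditarily."""
    tag = A[0]
    if tag == "atom":
        return ("init", u)
    if tag == "⊗":
        v, w = fresh(), fresh()
        return ("⊗L", v, w, ("⊗R", ident(v, A[1]), ident(w, A[2])), u)
    if tag == "1":
        return ("1L", ("1R",), u)
    if tag == "⊸":
        v, w = fresh(), fresh()
        return ("⊸R", v, ("⊸L", ident(v, A[1]), w, ident(w, A[2]), u))
    if tag == "&":
        v1, v2 = fresh(), fresh()
        return ("&R", ("&L", 1, v1, ident(v1, A[1]), u), ("&L", 2, v2, ident(v2, A[2]), u))
    if tag == "⊤":
        return ("⊤R",)
    if tag == "⊕":
        v, w = fresh(), fresh()
        return ("⊕L", v, ("⊕R", 1, ident(v, A[1])), w, ("⊕R", 2, ident(w, A[2])), u)
    if tag == "0":
        return ("0L", u)
    if tag == "!":
        v, w = fresh(), fresh()
        return ("!L", v, ("!R", ("copy", w, ident(w, A[1]), v)), u)
    if tag == "?":
        v = fresh()
        return ("?R", ("?L", v, ("poss", ident(v, A[1])), u))
    if tag == "∀":
        a, v = fresh("a"), fresh()
        return ("∀R", a, ("∀L", v, ident(v, subst(a, A[1], A[2])), a, u))
    if tag == "∃":
        a, v = fresh("a"), fresh()
        return ("∃L", a, v, ("∃R", ident(v, subst(a, A[1], A[2])), a), u)
    raise ValueError(tag)
```

For every connective except ⊤ the result has free labels {u}; for A = ⊤ the set is empty, since ⊤R accepts any linear context and so fl(⊤R) = ∅ by the definition.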

Cut  elimination  will  be  presented  as  a  computation  on  derivations. 

Definition 2.20 (Cut elimination as computation). We define the binary operations $+$, $+^{!}$ and $+^{?}$ on derivations such that

1. if $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A\ \mathit{goal}$ and $\mathcal{E} :: \Gamma ; \Delta', u : A \Longrightarrow J$, then $\mathcal{D} \mathbin{+}_{u : A} \mathcal{E}$ is defined.

2. if $\mathcal{D} :: \Gamma ; \cdot \Longrightarrow A\ \mathit{goal}$ and $\mathcal{E} :: \Gamma, u : A ; \Delta \Longrightarrow J$, then $\mathcal{D} \mathbin{+^{!}}_{u : A} \mathcal{E}$ is defined.

3. if $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A\ \mathit{poss}$ and $\mathcal{E} :: \Gamma ; u : A \Longrightarrow C\ \mathit{poss}$, then $\mathcal{D} \mathbin{+^{?}}_{u : A} \mathcal{E}$ is defined.

These three operations are defined in a mutually recursive fashion as follows. We use the convention that primed labels are fresh, i.e., not occurring freely in any of the subderivations.

a. Initial cases

\begin{align*}
\mathsf{init}(u : p(\vec t)) \mathbin{+}_{v : p(\vec t)} \mathcal{E} &= [u/v]\mathcal{E} \\
\mathcal{D} \mathbin{+}_{u : p(\vec t)} \mathsf{init}(u : p(\vec t)) &= \mathcal{D}
\end{align*}

b. Principal cases

\begin{align*}
{\otimes}\text{R}(\mathcal{D}_1, \mathcal{D}_2 ; A \otimes B) \mathbin{+}_{w : A \otimes B} {\otimes}\text{L}(u.\ v.\ \mathcal{E} ; w : A \otimes B) &= \mathcal{D}_1 \mathbin{+}_{u' : A} (\mathcal{D}_2 \mathbin{+}_{v' : B} [u'/u, v'/v]\mathcal{E}) \\
1\text{R} \mathbin{+}_{u : 1} 1\text{L}(\mathcal{E} ; u : 1) &= \mathcal{E} \\
{\multimap}\text{R}(u.\ \mathcal{D} ; A \multimap B) \mathbin{+}_{w : A \multimap B} {\multimap}\text{L}(\mathcal{E}_1, v.\ \mathcal{E}_2 ; w : A \multimap B) &= (\mathcal{E}_1 \mathbin{+}_{u' : A} [u'/u]\mathcal{D}) \mathbin{+}_{v' : B} [v'/v]\mathcal{E}_2 \\
{\&}\text{R}(\mathcal{D}_1, \mathcal{D}_2 ; A_1 \mathbin{\&} A_2) \mathbin{+}_{v : A_1 \mathbin{\&} A_2} {\&}\text{L}_i(u.\ \mathcal{E} ; v : A_1 \mathbin{\&} A_2) &= \mathcal{D}_i \mathbin{+}_{u' : A_i} [u'/u]\mathcal{E} \\
{\oplus}\text{R}_i(\mathcal{D} ; A_1 \oplus A_2) \mathbin{+}_{w : A_1 \oplus A_2} {\oplus}\text{L}(u_1.\ \mathcal{E}_1, u_2.\ \mathcal{E}_2 ; w : A_1 \oplus A_2) &= \mathcal{D} \mathbin{+}_{u' : A_i} [u'/u_i]\mathcal{E}_i \\
{!}\text{R}(\mathcal{D} ; {!}A) \mathbin{+}_{v : {!}A} {!}\text{L}(u.\ \mathcal{E} ; v : {!}A) &= \mathcal{D} \mathbin{+^{!}}_{u' : A} [u'/u]\mathcal{E} \\
{?}\text{R}(\mathcal{D} ; {?}A) \mathbin{+}_{v : {?}A} {?}\text{L}(u.\ \mathcal{E} ; v : {?}A) &= \mathcal{D} \mathbin{+^{?}}_{u' : A} [u'/u]\mathcal{E} \\
{\forall}\text{R}(a.\ \mathcal{D} ; \forall x. A) \mathbin{+}_{v : \forall x. A} {\forall}\text{L}(u.\ \mathcal{E}, t ; v : \forall x. A) &= [t/a]\mathcal{D} \mathbin{+}_{u' : [t/x]A} [u'/u]\mathcal{E} \\
{\exists}\text{R}(\mathcal{D}, t ; \exists x. A) \mathbin{+}_{v : \exists x. A} {\exists}\text{L}(a.\ u.\ \mathcal{E} ; v : \exists x. A) &= \mathcal{D} \mathbin{+}_{u' : [t/x]A} [t/a][u'/u]\mathcal{E}
\end{align*}

c. Left-commutative cases (here $\mathbin{++}$ stands for either $+$ or $+^{?}$)

\begin{align*}
{\otimes}\text{L}(u.\ v.\ \mathcal{D} ; w : A \otimes B) \mathbin{++}_{z : C} \mathcal{E} &= {\otimes}\text{L}(u'.\ v'.\ [u'/u, v'/v]\mathcal{D} \mathbin{++}_{z : C} \mathcal{E} ; w : A \otimes B) \\
1\text{L}(\mathcal{D} ; u : 1) \mathbin{++}_{v : C} \mathcal{E} &= 1\text{L}(\mathcal{D} \mathbin{++}_{v : C} \mathcal{E} ; u : 1) \\
{\multimap}\text{L}(\mathcal{D}, u.\ \mathcal{D}' ; v : A \multimap B) \mathbin{++}_{w : C} \mathcal{E} &= {\multimap}\text{L}(\mathcal{D}, u'.\ [u'/u]\mathcal{D}' \mathbin{++}_{w : C} \mathcal{E} ; v : A \multimap B) \\
{\&}\text{L}_i(u.\ \mathcal{D} ; v : A \mathbin{\&} B) \mathbin{++}_{w : C} \mathcal{E} &= {\&}\text{L}_i(u'.\ [u'/u]\mathcal{D} \mathbin{++}_{w : C} \mathcal{E} ; v : A \mathbin{\&} B) \\
{\oplus}\text{L}(u.\ \mathcal{D}, v.\ \mathcal{D}' ; w : A \oplus B) \mathbin{++}_{z : C} \mathcal{E} &= {\oplus}\text{L}(u'.\ [u'/u]\mathcal{D} \mathbin{++}_{z : C} \mathcal{E}, v'.\ [v'/v]\mathcal{D}' \mathbin{++}_{z : C} \mathcal{E} ; w : A \oplus B) \\
0\text{L}(u : 0) \mathbin{++}_{v : C} \mathcal{E} &= 0\text{L}(u : 0) \\
{!}\text{L}(u.\ \mathcal{D} ; v : {!}A) \mathbin{++}_{w : C} \mathcal{E} &= {!}\text{L}(u'.\ [u'/u]\mathcal{D} \mathbin{++}_{w : C} \mathcal{E} ; v : {!}A) \\
{?}\text{L}(u.\ \mathcal{D} ; v : {?}A) \mathbin{++}_{w : C} \mathcal{E} &= {?}\text{L}(u'.\ [u'/u]\mathcal{D} \mathbin{++}_{w : C} \mathcal{E} ; v : {?}A) \\
{\forall}\text{L}(u.\ \mathcal{D}, t ; v : \forall x. A) \mathbin{++}_{w : C} \mathcal{E} &= {\forall}\text{L}(u'.\ [u'/u]\mathcal{D} \mathbin{++}_{w : C} \mathcal{E}, t ; v : \forall x. A) \\
{\exists}\text{L}(a.\ u.\ \mathcal{D} ; v : \exists x. A) \mathbin{++}_{w : C} \mathcal{E} &= {\exists}\text{L}(a.\ u'.\ [u'/u]\mathcal{D} \mathbin{++}_{w : C} \mathcal{E} ; v : \exists x. A) \\
\mathsf{copy}(u.\ \mathcal{D} ; v : A) \mathbin{++}_{w : C} \mathcal{E} &= \mathsf{copy}(u'.\ [u'/u]\mathcal{D} \mathbin{++}_{w : C} \mathcal{E} ; v : A)
\end{align*}

d. Right-commutative cases (here $\mathbin{++}$ stands for either $+$ or $+^{!}$)

\begin{align*}
\mathcal{D} \mathbin{++}_{u : C} {\otimes}\text{R}(\mathcal{E}, \mathcal{E}' ; A \otimes B) &= \begin{cases} {\otimes}\text{R}(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E}, \mathcal{E}' ; A \otimes B) & \text{if } u \in \mathsf{fl}(\mathcal{E}), \text{ or} \\ {\otimes}\text{R}(\mathcal{E}, \mathcal{D} \mathbin{++}_{u : C} \mathcal{E}' ; A \otimes B) & \text{if } u \in \mathsf{fl}(\mathcal{E}') \end{cases} \\
\mathcal{D} \mathbin{++}_{u : C} {\otimes}\text{L}(v_1.\ v_2.\ \mathcal{E} ; w : A \otimes B) &= {\otimes}\text{L}(v_1'.\ v_2'.\ \mathcal{D} \mathbin{++}_{u : C} [v_1'/v_1, v_2'/v_2]\mathcal{E} ; w : A \otimes B) \\
\mathcal{D} \mathbin{++}_{u : C} {\multimap}\text{R}(v.\ \mathcal{E} ; A \multimap B) &= {\multimap}\text{R}(v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E} ; A \multimap B) \\
\mathcal{D} \mathbin{++}_{u : C} {\multimap}\text{L}(\mathcal{E}, v.\ \mathcal{E}' ; w : A \multimap B) &= \begin{cases} {\multimap}\text{L}(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E}, v.\ \mathcal{E}' ; w : A \multimap B) & \text{if } u \in \mathsf{fl}(\mathcal{E}), \text{ or} \\ {\multimap}\text{L}(\mathcal{E}, v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E}' ; w : A \multimap B) & \text{if } u \in \mathsf{fl}(\mathcal{E}') \end{cases} \\
\mathcal{D} \mathbin{++}_{u : C} {\&}\text{R}(\mathcal{E}, \mathcal{E}' ; A \mathbin{\&} B) &= {\&}\text{R}(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E}, \mathcal{D} \mathbin{++}_{u : C} \mathcal{E}' ; A \mathbin{\&} B) \\
\mathcal{D} \mathbin{++}_{u : C} {\&}\text{L}_i(v.\ \mathcal{E} ; w : A \mathbin{\&} B) &= {\&}\text{L}_i(v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E} ; w : A \mathbin{\&} B) \\
\mathcal{D} \mathbin{++}_{u : C} {\top}\text{R} &= {\top}\text{R} \\
\mathcal{D} \mathbin{++}_{u : C} {\oplus}\text{R}_i(\mathcal{E} ; A \oplus B) &= {\oplus}\text{R}_i(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E} ; A \oplus B) \\
\mathcal{D} \mathbin{++}_{u : C} {\oplus}\text{L}(v.\ \mathcal{E}, w.\ \mathcal{E}' ; z : A \oplus B) &= {\oplus}\text{L}(v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E}, w'.\ \mathcal{D} \mathbin{++}_{u : C} [w'/w]\mathcal{E}' ; z : A \oplus B) \\
\mathcal{D} \mathbin{++}_{u : C} 0\text{L}(v : 0) &= 0\text{L}(v : 0) \\
\mathcal{D} \mathbin{+^{!}}_{u : C} {!}\text{R}(\mathcal{E} ; {!}A) &= {!}\text{R}(\mathcal{D} \mathbin{+^{!}}_{u : C} \mathcal{E} ; {!}A) \\
\mathcal{D} \mathbin{++}_{u : C} {!}\text{L}(v.\ \mathcal{E} ; w : {!}A) &= {!}\text{L}(v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E} ; w : {!}A) \\
\mathcal{D} \mathbin{++}_{u : C} {?}\text{R}(\mathcal{E} ; {?}A) &= {?}\text{R}(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E} ; {?}A) \\
\mathcal{D} \mathbin{+^{!}}_{u : C} {?}\text{L}(v.\ \mathcal{E} ; w : {?}A) &= {?}\text{L}(v'.\ \mathcal{D} \mathbin{+^{!}}_{u : C} [v'/v]\mathcal{E} ; w : {?}A) \\
\mathcal{D} \mathbin{++}_{u : C} {\forall}\text{R}(a.\ \mathcal{E} ; \forall x. A) &= {\forall}\text{R}(a.\ \mathcal{D} \mathbin{++}_{u : C} \mathcal{E} ; \forall x. A) \\
\mathcal{D} \mathbin{++}_{u : C} {\forall}\text{L}(v.\ \mathcal{E}, t ; w : \forall x. A) &= {\forall}\text{L}(v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E}, t ; w : \forall x. A) \\
\mathcal{D} \mathbin{++}_{u : C} {\exists}\text{R}(\mathcal{E}, t ; \exists x. A) &= {\exists}\text{R}(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E}, t ; \exists x. A) \\
\mathcal{D} \mathbin{++}_{u : C} {\exists}\text{L}(a.\ v.\ \mathcal{E} ; w : \exists x. A) &= {\exists}\text{L}(a.\ v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E} ; w : \exists x. A) \\
\mathcal{D} \mathbin{++}_{u : C} \mathsf{copy}(v.\ \mathcal{E} ; w : A) &= \mathsf{copy}(v'.\ \mathcal{D} \mathbin{++}_{u : C} [v'/v]\mathcal{E} ; w : A) \\
\mathcal{D} \mathbin{++}_{u : C} \mathsf{poss}(\mathcal{E}) &= \mathsf{poss}(\mathcal{D} \mathbin{++}_{u : C} \mathcal{E})
\end{align*}

For the ${\otimes}$R and ${\multimap}$L cases only one of the two possibilities will be defined.

e. Structural cases

\begin{align*}
\mathcal{D} \mathbin{+^{!}}_{v : A} \mathsf{copy}(u.\ \mathcal{E} ; v : A) &= \mathcal{D} \mathbin{+}_{u' : A} (\mathcal{D} \mathbin{+^{!}}_{v : A} [u'/u]\mathcal{E}) \\
\mathsf{poss}(\mathcal{D}) \mathbin{+^{?}}_{u : A} \mathcal{E} &= \mathcal{D} \mathbin{+}_{u : A} \mathcal{E}
\end{align*}

We then prove that these operations correspond exactly to the three cases of cut.

Theorem 2.21 (Cut elimination).

(1) If $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A$ and $\mathcal{E} :: \Gamma ; \Delta', u : A \Longrightarrow J$, then $\mathcal{D} \mathbin{+}_{u : A} \mathcal{E} :: \Gamma ; \Delta, \Delta' \Longrightarrow J$.

(2) If $\mathcal{D} :: \Gamma ; \cdot \Longrightarrow A$ and $\mathcal{E} :: \Gamma, u : A ; \Delta \Longrightarrow J$, then $\mathcal{D} \mathbin{+^{!}}_{u : A} \mathcal{E} :: \Gamma ; \Delta \Longrightarrow J$.

(3) If $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A\ \mathit{poss}$ and $\mathcal{E} :: \Gamma ; u : A \Longrightarrow C\ \mathit{poss}$, then $\mathcal{D} \mathbin{+^{?}}_{u : A} \mathcal{E} :: \Gamma ; \Delta \Longrightarrow C\ \mathit{poss}$.

Proof. The proof will use a lexicographic induction on the structure of $\mathcal{D}$ and $\mathcal{E}$. We shall assume that the inductive hypothesis can be used whenever:

1. the cut formula is strictly smaller; or

2. the cut formula remains the same, but the inductive hypothesis is used for cut kind (3) in proofs of cut kind (2) and cut kind (1), or for cut kind (2) in proofs of cut kind (1); or

3. the cut formula and $\mathcal{E}$ remain the same, and $\mathcal{D}$ is strictly smaller; or

4. the cut formula and $\mathcal{D}$ remain the same, and $\mathcal{E}$ is strictly smaller.

Initial cuts Here, either $\mathcal{D}$ or $\mathcal{E}$ ends with "init".

Case. $\mathcal{D} = \mathsf{init}(u : p(\vec t)) :: \Gamma ; u : p(\vec t) \Longrightarrow p(\vec t)$ and $\mathcal{E} :: \Gamma ; \Delta, v : p(\vec t) \Longrightarrow J$. In this case, $\mathcal{F} = [u/v]\mathcal{E} :: \Gamma ; \Delta, u : p(\vec t) \Longrightarrow J$.

Case. $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow p(\vec t)$ and $\mathcal{E} = \mathsf{init}(v : p(\vec t)) :: \Gamma ; v : p(\vec t) \Longrightarrow p(\vec t)$. In this case, $\mathcal{F} = \mathcal{D}$.

Principal cuts In these cases, the cut formula was last inferred by a right rule in $\mathcal{D}$ and a left rule in $\mathcal{E}$. All of these cases have been sketched before. We shall give only one representative case:

\[
\mathcal{D} = \dfrac{\mathcal{D}_1 :: \Gamma ; \Delta \Longrightarrow A \qquad \mathcal{D}_2 :: \Gamma ; \Delta' \Longrightarrow B}{{\otimes}\text{R}(\mathcal{D}_1, \mathcal{D}_2 ; A \otimes B) :: \Gamma ; \Delta, \Delta' \Longrightarrow A \otimes B}
\qquad
\mathcal{E} = \dfrac{\mathcal{E}' :: \Gamma ; \Delta'', u : A, v : B \Longrightarrow J}{{\otimes}\text{L}(u.\ v.\ \mathcal{E}' ; w : A \otimes B) :: \Gamma ; \Delta'', w : A \otimes B \Longrightarrow J}
\]

\begin{align*}
&\mathcal{D}_1 \mathbin{+}_{u' : A} [u'/u, v'/v]\mathcal{E}' :: \Gamma ; \Delta, \Delta'', v' : B \Longrightarrow J & &\text{i.h. (smaller cut formula)} \\
&\mathcal{D}_2 \mathbin{+}_{v' : B} (\mathcal{D}_1 \mathbin{+}_{u' : A} [u'/u, v'/v]\mathcal{E}') :: \Gamma ; \Delta, \Delta', \Delta'' \Longrightarrow J & &\text{i.h. (smaller cut formula)}
\end{align*}

Truth cuts All cuts of kind (2) are treated as right-commutative cuts except for the case where the last rule in $\mathcal{E}$ is "copy". In this case, $\mathcal{D} :: \Gamma ; \cdot \Longrightarrow A$ and

\[
\mathcal{E} = \dfrac{\mathcal{E}' :: \Gamma, u : A ; \Delta, v : A \Longrightarrow J}{\mathsf{copy}(v.\ \mathcal{E}' ; u : A) :: \Gamma, u : A ; \Delta \Longrightarrow J}\ \text{copy}
\]

\begin{align*}
&\mathcal{D} \mathbin{+^{!}}_{u : A} [v'/v]\mathcal{E}' :: \Gamma ; \Delta, v' : A \Longrightarrow J & &\text{i.h. ($\mathcal{E}'$ smaller than $\mathcal{E}$)} \\
&\mathcal{D} \mathbin{+}_{v' : A} (\mathcal{D} \mathbin{+^{!}}_{u : A} [v'/v]\mathcal{E}') :: \Gamma ; \Delta \Longrightarrow J & &\text{i.h. ((2) used to justify (1))}
\end{align*}

Possibility cuts All cuts of kind (3) are treated as left-commutative cuts except for the case where the last rule in $\mathcal{D}$ is "poss". In this case, $\mathcal{E} :: \Gamma ; u : A \Longrightarrow C\ \mathit{poss}$ and

\[
\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \Delta \Longrightarrow A\ \mathit{goal}}{\mathsf{poss}(\mathcal{D}') :: \Gamma ; \Delta \Longrightarrow A\ \mathit{poss}}\ \text{poss}
\]

\begin{align*}
&\mathcal{D}' \mathbin{+}_{u : A} \mathcal{E} :: \Gamma ; \Delta \Longrightarrow C\ \mathit{poss} & &\text{i.h. ($\mathcal{D}'$ smaller than $\mathcal{D}$)}
\end{align*}

Left commutative cuts The cut formula is a side formula in the last inference used in $\mathcal{D}$. In these cases we appeal to the induction hypotheses with the same cut formula, but a smaller left derivation. The following is a representative case.

\[
\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \Delta, u : B \Longrightarrow A}{{\&}\text{L}_1(u.\ \mathcal{D}' ; v : B \mathbin{\&} C) :: \Gamma ; \Delta, v : B \mathbin{\&} C \Longrightarrow A}\ {\&}\text{L}_1
\qquad
\mathcal{E} :: \Gamma ; \Delta', w : A \Longrightarrow J
\]

\begin{align*}
&[u'/u]\mathcal{D}' \mathbin{+}_{w : A} \mathcal{E} :: \Gamma ; \Delta, \Delta', u' : B \Longrightarrow J & &\text{i.h. ($\mathcal{D}'$ smaller than $\mathcal{D}$)} \\
&{\&}\text{L}_1(u'.\ [u'/u]\mathcal{D}' \mathbin{+}_{w : A} \mathcal{E} ; v : B \mathbin{\&} C) :: \Gamma ; \Delta, \Delta', v : B \mathbin{\&} C \Longrightarrow J & &{\&}\text{L}_1
\end{align*}

Right commutative cuts The cut formula is a side formula in the last inference used in $\mathcal{E}$. In these cases we appeal to the induction hypotheses with the same cut formula, but a smaller right derivation. The following is a representative case.

\[
\mathcal{D} :: \Gamma ; \Delta \Longrightarrow A
\qquad
\mathcal{E} = \dfrac{\mathcal{E}' :: \Gamma ; \Delta', u : A \Longrightarrow B}{{\oplus}\text{R}_1(\mathcal{E}' ; B \oplus C) :: \Gamma ; \Delta', u : A \Longrightarrow B \oplus C}\ {\oplus}\text{R}_1
\]

\begin{align*}
&\mathcal{D} \mathbin{+}_{u : A} \mathcal{E}' :: \Gamma ; \Delta, \Delta' \Longrightarrow B & &\text{i.h. ($\mathcal{E}'$ smaller than $\mathcal{E}$)} \\
&{\oplus}\text{R}_1(\mathcal{D} \mathbin{+}_{u : A} \mathcal{E}' ; B \oplus C) :: \Gamma ; \Delta, \Delta' \Longrightarrow B \oplus C & &{\oplus}\text{R}_1
\end{align*}

This completes the inventory of all cuts. □

Comparing this proof of cut elimination with other proofs of cut-admissibility or cut-elimination in the literature, it is worth remarking that a nested structural induction suffices. No additional restrictions on the cut rules or induction measures are required. Similar structural and constructive proofs for cut-admissibility have been demonstrated for classical linear logic [93], classical and intuitionistic uniform sequent calculi [86, 87], intuitionistic contraction-free logic [88] and ordered logic [96].


2.2  Natural  deduction  and  proofs 

While the syntax of derivations introduced in the previous section is fine for proof objects, it is conceptually and presentationally awkward. A more natural presentation of logic in Martin-Löf's philosophy of logic uses natural deduction as the foundation. In this section, we present a translation of sequent derivations into natural deduction proofs. In fact, the natural deduction proofs that will be generated from our cut-free sequent setting will be in $\beta$-normal and $\eta$-long form.

In natural deduction, we discard the duality of resources and goals and have just a single judgement form, $A\ \mathit{res}$. All rules always operate on the right hand side of the linear hypothetical judgement. Like before, we have judgemental rules for the structural properties of hypothetical judgements, and logical rules for the various connectives. We also adopt the judgement $A\ \mathit{poss}$ from the sequent calculus setting in an analogous form.

Proofs for the judgemental forms $A\ \mathit{res}$ and $A\ \mathit{poss}$ will be called proof terms (written $M, N, \ldots$) and expressions (written $E, F, \ldots$), respectively. The hypothetical natural deduction judgements are of the form $\Gamma ; \Delta \vdash M : A\ \mathit{res}$ or $\Gamma ; \Delta \vdash E \div A\ \mathit{poss}$. Like before, $\Gamma$ contains the unrestricted hypotheses, $\Delta$ the linear hypotheses, and $J$ the conclusion form (either $C\ \mathit{res}$ or $C\ \mathit{poss}$). For convenience and brevity, we omit the judgemental labels when understood. The right hand forms $M : A\ \mathit{res}$ and $E \div A\ \mathit{poss}$ are represented schematically as $P * J$, with $P$ standing for the witness ($M$ or $E$), and $J$ for the judgement ($A\ \mathit{res}$ or $A\ \mathit{poss}$).


Judgemental rules The first judgemental rules define the use of hypotheses. We have two rules, one for each kind of hypothesis.

\[
\dfrac{}{\Gamma ; u : A \vdash u : A}\ \text{hyp}
\qquad
\dfrac{}{\Gamma, u : A ; \cdot \vdash u : A}\ \text{hyp!}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : A\ \mathit{res}}{\Gamma ; \Delta \vdash M \div A\ \mathit{poss}}\ \text{poss}
\]

The proof for either "hyp" rule is the label $u$ of the resource that matches the right hand side. For the poss rule, the same proof term counts as a proof expression; this is sometimes called a silent coercion in the literature.


Dually, we may substitute proofs for uses of a resource, which we define as a substitution principle. This theorem relies on two syntactic substitution operations on proof terms and expressions, written $[M/u]P$ and $(E/u)F$ respectively, the full definition of which is delayed until the details of proof terms and expressions are presented (see defn. 2.23).

Principle 2.22 (Substitution).

1. If $\Gamma ; \Delta \vdash M : A$ and $\Gamma ; \Delta', u : A \vdash P * J$, then $\Gamma ; \Delta, \Delta' \vdash [M/u]P * J$.

2. If $\Gamma ; \cdot \vdash M : A$ and $\Gamma, u : A ; \Delta \vdash P * J$, then $\Gamma ; \Delta \vdash [M/u]P * J$.

3. If $\Gamma ; \Delta \vdash E \div A\ \mathit{poss}$ and $\Gamma ; u : A \vdash F \div C\ \mathit{poss}$, then $\Gamma ; \Delta \vdash (E/u)F \div C\ \mathit{poss}$.


Like  with  cut  in  the  sequent  calculus,  we  do  not  realise  these  substitution  principles 
as  inference  rules  but  intend  them  as  structural  properties  of  the  logic  maintained  by  all 
other  inference  rules.  We  can  prove  the  substitution  principles  by  induction  over  the 
structure  of  derivations.  Meanwhile,  the  substitution  principles  can  be  used  to  show  local 
soundness  and  completeness  of  the  inference  rules  characterising  the  connectives. 
Logical rules In the judgemental philosophy, the meaning of a propositional connective is defined by its introduction rule(s). Once a goal such as $A \otimes B$ is established, the elimination rule(s) for the topmost connective, $\otimes$ in this case, describe the means of decomposing the goal into simpler goals, or deriving resources from that goal for establishing other goals. For each connective, the introduction and elimination rules must together satisfy two consistency criteria.

Local soundness criterion: given sufficient evidence for the premisses of an inference rule, we must be able to find sufficient evidence for the conclusion of the rule. This criterion manifests a check on the strength of elimination rules: they must not derive evidence not already implied by the premisses. The usual prescription is to define this criterion by means of a local reduction, written $\Rightarrow_R$, which shows how to transform a proof containing an introduction of a connective followed immediately by its elimination into a proof without this detour.

Local completeness criterion: by eliminating a given propositional connective, we must obtain enough evidence to reconstitute the connective. Again, the usual approach is to define this criterion by means of a local expansion, written $\Rightarrow_E$, which shows how to transform a proof of a given proposition into one that introduces its main connective.

I will illustrate these criteria with one example, that of the multiplicative conjunction, $\otimes$. Its introduction and elimination rules are as follows.

\[
\dfrac{\Gamma ; \Delta_1 \vdash M : A \qquad \Gamma ; \Delta_2 \vdash N : B}{\Gamma ; \Delta_1, \Delta_2 \vdash (M \otimes N) : A \otimes B}\ {\otimes}\text{I}
\qquad
\dfrac{\Gamma ; \Delta_1 \vdash M : A \otimes B \qquad \Gamma ; \Delta_2, u : A, v : B \vdash P * J}{\Gamma ; \Delta_1, \Delta_2 \vdash (\mathsf{let}\ u \otimes v = M\ \mathsf{in}\ P) * J}\ {\otimes}\text{E}
\]

Local soundness is the following reduction:

\[
\dfrac{\dfrac{\Gamma ; \Delta_1 \vdash M : A \qquad \Gamma ; \Delta_2 \vdash N : B}{\Gamma ; \Delta_1, \Delta_2 \vdash (M \otimes N) : A \otimes B}\ {\otimes}\text{I} \qquad \Gamma ; \Delta_3, u : A, v : B \vdash P * J}{\Gamma ; \Delta_1, \Delta_2, \Delta_3 \vdash (\mathsf{let}\ u \otimes v = M \otimes N\ \mathsf{in}\ P) * J}\ {\otimes}\text{E}
\quad \Rightarrow_R \quad
\Gamma ; \Delta_1, \Delta_2, \Delta_3 \vdash [M/u, N/v]P * J.
\]

This reduction in the proof-terms is the familiar $\beta$-reduction:

\[
\mathsf{let}\ u \otimes v = M \otimes N\ \mathsf{in}\ P \ \Rightarrow_R\ [M/u, N/v]P.
\]

Conversely, local expansion is the following transformation:

\[
\Gamma ; \Delta \vdash M : A \otimes B
\quad \Rightarrow_E \quad
\dfrac{\Gamma ; \Delta \vdash M : A \otimes B \qquad \dfrac{\dfrac{}{\Gamma ; u : A \vdash u : A}\ \text{hyp} \qquad \dfrac{}{\Gamma ; v : B \vdash v : B}\ \text{hyp}}{\Gamma ; u : A, v : B \vdash (u \otimes v) : A \otimes B}\ {\otimes}\text{I}}{\Gamma ; \Delta \vdash (\mathsf{let}\ u \otimes v = M\ \mathsf{in}\ u \otimes v) : A \otimes B}\ {\otimes}\text{E}
\]

For the proof-terms alone, this is again the familiar $\eta$-expansion:

\[
M : A \otimes B \ \Rightarrow_E\ \mathsf{let}\ u \otimes v = M\ \mathsf{in}\ u \otimes v
\]


Multiplicative rules The following are the rules for the multiplicative connectives $\otimes$, $1$ and $\multimap$.

\[
\dfrac{\Gamma ; \Delta_1 \vdash M : A \qquad \Gamma ; \Delta_2 \vdash N : B}{\Gamma ; \Delta_1, \Delta_2 \vdash (M \otimes N) : A \otimes B}\ {\otimes}\text{I}
\qquad
\dfrac{\Gamma ; \Delta_1 \vdash M : A \otimes B \qquad \Gamma ; \Delta_2, u : A, v : B \vdash P * J}{\Gamma ; \Delta_1, \Delta_2 \vdash (\mathsf{let}\ u \otimes v = M\ \mathsf{in}\ P) * J}\ {\otimes}\text{E}
\]

\[
\dfrac{}{\Gamma ; \cdot \vdash {*} : 1}\ 1\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : 1 \qquad \Gamma ; \Delta' \vdash P * J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ {*} = M\ \mathsf{in}\ P) * J}\ 1\text{E}
\]

\[
\dfrac{\Gamma ; \Delta, u : A \vdash M : B}{\Gamma ; \Delta \vdash (\lambda u.\ M) : A \multimap B}\ {\multimap}\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : A \multimap B \qquad \Gamma ; \Delta' \vdash N : A}{\Gamma ; \Delta, \Delta' \vdash (M\ N) : B}\ {\multimap}\text{E}
\]

Local reduction and expansion are as follows:

\begin{align*}
\mathsf{let}\ u \otimes v = M \otimes N\ \mathsf{in}\ P &\Rightarrow_R [M/u, N/v]P & M : A \otimes B &\Rightarrow_E \mathsf{let}\ u \otimes v = M\ \mathsf{in}\ u \otimes v \\
\mathsf{let}\ {*} = {*}\ \mathsf{in}\ P &\Rightarrow_R P & M : 1 &\Rightarrow_E \mathsf{let}\ {*} = M\ \mathsf{in}\ {*} \\
(\lambda u.\ M)\ N &\Rightarrow_R [N/u]M & M : A \multimap B &\Rightarrow_E \lambda u.\ M\ u
\end{align*}


Additive rules The rules, local reductions, and local expansions for $\mathbin{\&}$, $\top$, $\oplus$ and $0$ are as follows.

\[
\dfrac{\Gamma ; \Delta \vdash M : A \qquad \Gamma ; \Delta \vdash N : B}{\Gamma ; \Delta \vdash (M, N) : A \mathbin{\&} B}\ {\&}\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : A \mathbin{\&} B}{\Gamma ; \Delta \vdash (\mathsf{fst}\ M) : A}\ {\&}\text{E}_1
\qquad
\dfrac{\Gamma ; \Delta \vdash M : A \mathbin{\&} B}{\Gamma ; \Delta \vdash (\mathsf{snd}\ M) : B}\ {\&}\text{E}_2
\]

\[
\dfrac{\Gamma ; \Delta \vdash M : A}{\Gamma ; \Delta \vdash (\mathsf{inl}\ M) : A \oplus B}\ {\oplus}\text{I}_1
\qquad
\dfrac{\Gamma ; \Delta \vdash M : B}{\Gamma ; \Delta \vdash (\mathsf{inr}\ M) : A \oplus B}\ {\oplus}\text{I}_2
\]

\[
\dfrac{\Gamma ; \Delta \vdash M : A \oplus B \qquad \Gamma ; \Delta', u : A \vdash P * J \qquad \Gamma ; \Delta', v : B \vdash Q * J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{case}\ M\ \mathsf{of}\ \mathsf{inl}\ u \Rightarrow P \mid \mathsf{inr}\ v \Rightarrow Q) * J}\ {\oplus}\text{E}
\]

\[
\dfrac{}{\Gamma ; \Delta \vdash () : \top}\ {\top}\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : 0}{\Gamma ; \Delta \vdash (\mathsf{abort}\ M) * J}\ 0\text{E}
\]

\begin{align*}
\mathsf{fst}\ (M, N) &\Rightarrow_R M & \mathsf{snd}\ (M, N) &\Rightarrow_R N & M : A \mathbin{\&} B &\Rightarrow_E (\mathsf{fst}\ M, \mathsf{snd}\ M) \\
(\mathsf{case}\ \mathsf{inl}\ M\ \mathsf{of}\ \mathsf{inl}\ u \Rightarrow P \mid \mathsf{inr}\ v \Rightarrow Q) &\Rightarrow_R [M/u]P \\
(\mathsf{case}\ \mathsf{inr}\ M\ \mathsf{of}\ \mathsf{inl}\ u \Rightarrow P \mid \mathsf{inr}\ v \Rightarrow Q) &\Rightarrow_R [M/v]Q \\
M : A \oplus B &\Rightarrow_E (\mathsf{case}\ M\ \mathsf{of}\ \mathsf{inl}\ u \Rightarrow \mathsf{inl}\ u \mid \mathsf{inr}\ v \Rightarrow \mathsf{inr}\ v) \\
M : \top &\Rightarrow_E () & M : 0 &\Rightarrow_E \mathsf{abort}\ M
\end{align*}


Exponential rules The rules, local reductions, and local expansions for ${!}$ and ${?}$ are as follows.

\[
\dfrac{\Gamma ; \cdot \vdash M : A}{\Gamma ; \cdot \vdash ({!}M) : {!}A}\ {!}\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : {!}A \qquad \Gamma, u : A ; \Delta' \vdash P * J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ {!}u = M\ \mathsf{in}\ P) * J}\ {!}\text{E}
\]

\[
\dfrac{\Gamma ; \Delta \vdash E \div A\ \mathit{poss}}{\Gamma ; \Delta \vdash {?}E : {?}A}\ {?}\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : {?}A \qquad \Gamma ; u : A \vdash E \div C\ \mathit{poss}}{\Gamma ; \Delta \vdash (\mathsf{let}\ {?}u = M\ \mathsf{in}\ E) \div C\ \mathit{poss}}\ {?}\text{E}
\]

\begin{align*}
\mathsf{let}\ {!}u = {!}M\ \mathsf{in}\ P &\Rightarrow_R [M/u]P & M : {!}A &\Rightarrow_E \mathsf{let}\ {!}u = M\ \mathsf{in}\ {!}u \\
\mathsf{let}\ {?}u = {?}E\ \mathsf{in}\ P &\Rightarrow_R (E/u)P & M : {?}A &\Rightarrow_E \mathsf{let}\ {?}u = M\ \mathsf{in}\ {?}u
\end{align*}


Quantifier rules The rules, local reductions, and local expansions for $\forall$ and $\exists$ are as follows.

\[
\dfrac{\Gamma ; \Delta \vdash ([a/x]M) : [a/x]A}{\Gamma ; \Delta \vdash (\Lambda x.\ M) : \forall x. A}\ {\forall}\text{I}^a
\qquad
\dfrac{\Gamma ; \Delta \vdash M : \forall x. A}{\Gamma ; \Delta \vdash (M \cdot t) : [t/x]A}\ {\forall}\text{E}
\]

\[
\dfrac{\Gamma ; \Delta \vdash ([t/x]M) : [t/x]A}{\Gamma ; \Delta \vdash [t, M] : \exists x. A}\ {\exists}\text{I}
\qquad
\dfrac{\Gamma ; \Delta \vdash M : \exists x. A \qquad \Gamma ; \Delta', u : [a/x]A \vdash P * J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ [a, u] = M\ \mathsf{in}\ P) * J}\ {\exists}\text{E}^a
\]

\begin{align*}
(\Lambda x.\ M) \cdot t &\Rightarrow_R [t/x]M & M : \forall x. A &\Rightarrow_E \Lambda x.\ M \cdot x \\
\mathsf{let}\ [a, u] = [t, M]\ \mathsf{in}\ P &\Rightarrow_R [t/a, M/u]P & M : \exists x. A &\Rightarrow_E \mathsf{let}\ [a, u] = M\ \mathsf{in}\ [a, u]
\end{align*}


Because we now have the full inventory of proof terms and expressions, we can give the full definition of the substitution operation. The definition of the expression substitution, $(E/u)F$, is adapted from a similar definition for modal substitution in [94].


Definition 2.23 (Substitution).

1. The operation $[M/u]P$ is the standard capture-avoiding substitution of $M$ for free occurrences of $u$ in $P$. The notation $[M_1/u_1, \ldots, M_n/u_n]N$ is used to mean the $M_i$ are substituted for the free $u_i$ in $N$ simultaneously, avoiding capture; this definition is also standard.

2. The operation $(E/u)F$ is defined as follows:

\begin{align*}
(M/u)F &= [M/u]F \\
(\mathsf{let}\ v \otimes w = M\ \mathsf{in}\ E/u)F &= \mathsf{let}\ v \otimes w = M\ \mathsf{in}\ (E/u)F \\
(\mathsf{let}\ {*} = M\ \mathsf{in}\ E/u)F &= \mathsf{let}\ {*} = M\ \mathsf{in}\ (E/u)F \\
(\mathsf{case}\ M\ \mathsf{of}\ \mathsf{inl}\ v_1 \Rightarrow E_1 \mid \mathsf{inr}\ v_2 \Rightarrow E_2/u)F &= \mathsf{case}\ M\ \mathsf{of}\ \mathsf{inl}\ v_1 \Rightarrow (E_1/u)F \mid \mathsf{inr}\ v_2 \Rightarrow (E_2/u)F \\
(\mathsf{abort}\ M/u)F &= \mathsf{abort}\ M \\
(\mathsf{let}\ {!}v = M\ \mathsf{in}\ E/u)F &= \mathsf{let}\ {!}v = M\ \mathsf{in}\ (E/u)F \\
(\mathsf{let}\ {?}v = M\ \mathsf{in}\ E/u)F &= \mathsf{let}\ {?}v = M\ \mathsf{in}\ (E/u)F \\
(\mathsf{let}\ [a, v] = M\ \mathsf{in}\ E/u)F &= \mathsf{let}\ [a, v] = M\ \mathsf{in}\ (E/u)F
\end{align*}

This  substitution  is  also  understood  to  be  capture-avoiding;  capture  can  be  avoided  by  first 
renaming  the  bound  variables  in  E  to  be  distinct  from  all  free  variables  in  F. 
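As an added example (not code from the thesis), the following Python rendering of Definition 2.23 works over a constructed tuple encoding of expressions; it assumes proof terms carry no binders of their own, so $[M/u]$ on a term is plain replacement, and it renames the binders of $E$ that would capture a free variable of $F$ exactly as the remark above prescribes.

```python
from itertools import count

# Constructed tuple encoding of the expressions E of Definition 2.23 (an assumption of this
# example, not the thesis's concrete syntax):
#   ("term", M)                    M                 ("abort", M)             abort M
#   ("let_tensor", v, w, M, E)     let v ⊗ w = M in E
#   ("let_one", M, E)              let * = M in E
#   ("case", M, v1, E1, v2, E2)    case M of inl v1 => E1 | inr v2 => E2
#   ("let_bang", v, M, E)          let !v = M in E   ("let_whynot", v, M, E)  let ?v = M in E
#   ("let_exists", a, v, M, E)     let [a, v] = M in E
# Proof terms M are variables (str) or tuples of sub-terms and, by assumption, bind nothing.

def fv_term(m):
    """Free variables of a binder-free term."""
    return {m} if isinstance(m, str) else set().union(*(fv_term(x) for x in m))

def fv_expr(e):
    """Free variables of an expression, removing the variables each form binds."""
    tag = e[0]
    if tag in ("term", "abort"):
        return fv_term(e[1])
    if tag == "let_one":
        return fv_term(e[1]) | fv_expr(e[2])
    if tag == "let_tensor":
        return fv_term(e[3]) | (fv_expr(e[4]) - {e[1], e[2]})
    if tag == "case":
        return fv_term(e[1]) | (fv_expr(e[3]) - {e[2]}) | (fv_expr(e[5]) - {e[4]})
    if tag in ("let_bang", "let_whynot"):
        return fv_term(e[2]) | (fv_expr(e[3]) - {e[1]})
    if tag == "let_exists":
        return fv_term(e[3]) | (fv_expr(e[4]) - {e[1], e[2]})
    raise ValueError(f"unknown expression form {tag!r}")

def replace_var(x, old, new):
    """Replace every occurrence of the name `old` by `new` (a name or a term) in a term or an
    expression.  Used (a) as [M/u]F, assuming F's binders avoid u and fv(M), and (b) to rename a
    binder together with its bound occurrences, where `new` is a fresh name."""
    if isinstance(x, str):
        return new if x == old else x
    return tuple(replace_var(y, old, new) for y in x)

def expr_subst(e, u, f, fresh=None):
    """<E/u>F of Definition 2.23: F is pushed under the bindings of E and the variable u of F is
    replaced by the term at E's leaf.  Binders of E that would capture a free variable of F are
    renamed first (capture avoidance by renaming, as in the text)."""
    fresh = count() if fresh is None else fresh
    avoid = fv_expr(f)

    def binder(v, body):
        if v not in avoid:
            return v, body
        new = f"{v}_{next(fresh)}"
        return new, replace_var(body, v, new)

    tag = e[0]
    if tag == "term":                                   # <M/u>F = [M/u]F
        return replace_var(f, u, e[1])
    if tag == "abort":                                  # <abort M/u>F = abort M
        return e
    if tag == "let_one":
        return ("let_one", e[1], expr_subst(e[2], u, f, fresh))
    if tag == "let_tensor":
        v, body = binder(e[1], e[4])
        w, body = binder(e[2], body)
        return ("let_tensor", v, w, e[3], expr_subst(body, u, f, fresh))
    if tag == "case":
        v1, e1 = binder(e[2], e[3])
        v2, e2 = binder(e[4], e[5])
        return ("case", e[1], v1, expr_subst(e1, u, f, fresh), v2, expr_subst(e2, u, f, fresh))
    if tag in ("let_bang", "let_whynot"):
        v, body = binder(e[1], e[3])
        return (tag, v, e[2], expr_subst(body, u, f, fresh))
    if tag == "let_exists":
        a, body = binder(e[1], e[4])
        v, body = binder(e[2], body)
        return ("let_exists", a, v, e[3], expr_subst(body, u, f, fresh))
    raise ValueError(f"unknown expression form {tag!r}")

def whynot_reduction_example():
    """The local reduction  let ?u = ?E in P  =>_R  <E/u>P  on constructed E and P.
    E = let !v = x in (v y) and P = (g u v): v is free in P, so E's binder v must be renamed."""
    e = ("let_bang", "v", "x", ("term", ("v", "y")))
    p = ("term", ("g", "u", "v"))
    return expr_subst(e, "u", p)
```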


2.2.1  From  the  sequent  calculus  to  natural  deduction 

In  this  section  we  shall  prove  the  completeness  of  the  natural  deduction  calculus  with 
respect  to  the  sequent  calculus.  As  usual,  this  proof  will  be  constructive,  giving  a  process 
of  transforming  a  sequent  derivation  into  a  natural  deduction  proof  term. 

Definition 2.24 (Sequent derivations to natural deduction proofs). We define the translation $\hookrightarrow$ between sequent derivations and natural deduction proofs as a derivation with the following rules.


$$\begin{gathered}
\frac{}{\mathrm{init}(u{:}p(t)) \hookrightarrow u}\ {\hookrightarrow}\mathrm{init}
\qquad
\frac{}{1R \hookrightarrow *}\ {\hookrightarrow}1R
\qquad
\frac{D \hookrightarrow P}{\mathrm{copy}(u.\,D ; v{:}A) \hookrightarrow [v/u]P}\ {\hookrightarrow}\mathrm{copy}
\qquad
\frac{D \hookrightarrow P}{\mathrm{poss}(D) \hookrightarrow P}\ {\hookrightarrow}\mathrm{poss}
\\[1ex]
\frac{D \hookrightarrow M \quad D' \hookrightarrow N}{{\otimes}R(D, D' ; A \otimes B) \hookrightarrow M \otimes N}\ {\hookrightarrow}{\otimes}R
\qquad
\frac{D \hookrightarrow P}{{\otimes}L(u.\,v.\,D ; w{:}A \otimes B) \hookrightarrow \mathsf{let}\ u \otimes v = w\ \mathsf{in}\ P}\ {\hookrightarrow}{\otimes}L
\\[1ex]
\frac{D \hookrightarrow P}{1L(D ; u{:}1) \hookrightarrow \mathsf{let}\ * = u\ \mathsf{in}\ P}\ {\hookrightarrow}1L
\qquad
\frac{D \hookrightarrow M}{{\multimap}R(u.\,D ; A \multimap B) \hookrightarrow \lambda u.\,M}\ {\hookrightarrow}{\multimap}R
\qquad
\frac{D \hookrightarrow M \quad D' \hookrightarrow N}{{\multimap}L(D, u.\,D' ; v{:}A \multimap B) \hookrightarrow [v\,M/u]N}\ {\hookrightarrow}{\multimap}L
\\[1ex]
\frac{D \hookrightarrow M \quad D' \hookrightarrow N}{{\&}R(D, D' ; A \& B) \hookrightarrow \langle M, N \rangle}\ {\hookrightarrow}{\&}R
\qquad
\frac{D \hookrightarrow P}{{\&}L_1(u.\,D ; v{:}A \& B) \hookrightarrow [\mathsf{fst}\ v/u]P}\ {\hookrightarrow}{\&}L_1
\qquad
\frac{D \hookrightarrow P}{{\&}L_2(u.\,D ; v{:}A \& B) \hookrightarrow [\mathsf{snd}\ v/u]P}\ {\hookrightarrow}{\&}L_2
\\[1ex]
\frac{D \hookrightarrow M}{{\oplus}R_1(D ; A \oplus B) \hookrightarrow \mathsf{inl}\ M}\ {\hookrightarrow}{\oplus}R_1
\qquad
\frac{D \hookrightarrow M}{{\oplus}R_2(D ; A \oplus B) \hookrightarrow \mathsf{inr}\ M}\ {\hookrightarrow}{\oplus}R_2
\qquad
\frac{D \hookrightarrow P \quad D' \hookrightarrow Q}{{\oplus}L(u.\,D, v.\,D' ; w{:}A \oplus B) \hookrightarrow \mathsf{case}\ w\ \mathsf{of}\ \mathsf{inl}\,u \Rightarrow P \mid \mathsf{inr}\,v \Rightarrow Q}\ {\hookrightarrow}{\oplus}L
\\[1ex]
\frac{}{{\top}R \hookrightarrow ()}\ {\hookrightarrow}{\top}R
\qquad
\frac{}{0L(u{:}0) \hookrightarrow \mathsf{abort}\ u}\ {\hookrightarrow}0L
\\[1ex]
\frac{D \hookrightarrow M}{{!}R(D ; !A) \hookrightarrow !M}\ {\hookrightarrow}{!}R
\qquad
\frac{D \hookrightarrow E}{{?}R(D ; ?A) \hookrightarrow ?E}\ {\hookrightarrow}{?}R
\qquad
\frac{D \hookrightarrow P}{{!}L(u.\,D ; v{:}!A) \hookrightarrow \mathsf{let}\ !u = v\ \mathsf{in}\ P}\ {\hookrightarrow}{!}L
\qquad
\frac{D \hookrightarrow E}{{?}L(u.\,D ; v{:}?A) \hookrightarrow \mathsf{let}\ ?u = v\ \mathsf{in}\ E}\ {\hookrightarrow}{?}L
\\[1ex]
\frac{D \hookrightarrow M}{{\forall}R(a.\,D ; \forall x.\,A) \hookrightarrow \lambda x.\,[x/a]M}\ {\hookrightarrow}{\forall}R
\qquad
\frac{D \hookrightarrow P}{{\forall}L(u.\,D, t ; v{:}\forall x.\,A) \hookrightarrow [v \cdot t/u]P}\ {\hookrightarrow}{\forall}L
\\[1ex]
\frac{D \hookrightarrow M}{{\exists}R(D, t ; \exists x.\,A) \hookrightarrow [t, M]}\ {\hookrightarrow}{\exists}R
\qquad
\frac{D \hookrightarrow P}{{\exists}L(a.\,u.\,D ; v{:}\exists x.\,A) \hookrightarrow \mathsf{let}\ [a, u] = v\ \mathsf{in}\ P}\ {\hookrightarrow}{\exists}L
\end{gathered}$$


Theorem 2.25 (Completeness of natural deduction). If $D :: \Gamma ; \Delta \Longrightarrow J$, then there exists $P$ such that $D \hookrightarrow P$ and $\Gamma ; \Delta \vdash P * J$.

Proof. By induction on the structure of $D$, using definition 2.24. For a representative case, consider

$$D = \frac{D_1 :: \Gamma ; \Delta, u_1{:}A \Longrightarrow J \quad D_2 :: \Gamma ; \Delta, u_2{:}B \Longrightarrow J}{{\oplus}L(u_1.\,D_1, u_2.\,D_2 ; v{:}A \oplus B) :: \Gamma ; \Delta, v{:}A \oplus B \Longrightarrow J}\ {\oplus}L$$

$$\begin{array}{ll}
D_1 \hookrightarrow P_1 \text{ and } D_2 \hookrightarrow P_2 \text{ such that } \Gamma ; \Delta, u_1{:}A \vdash P_1 * J \text{ and } \Gamma ; \Delta, u_2{:}B \vdash P_2 * J & \text{i.h.} \\
D \hookrightarrow \mathsf{case}\ v\ \mathsf{of}\ \mathsf{inl}\,u_1 \Rightarrow P_1 \mid \mathsf{inr}\,u_2 \Rightarrow P_2 & \text{definition 2.24}
\end{array}$$

Then note that:

$$\frac{\dfrac{}{\Gamma ; v{:}A \oplus B \vdash v : A \oplus B}\ \mathrm{hyp} \quad \dfrac{\vdots}{\Gamma ; \Delta, u_1{:}A \vdash P_1 * J}\ \text{i.h.} \quad \dfrac{\vdots}{\Gamma ; \Delta, u_2{:}B \vdash P_2 * J}\ \text{i.h.}}{\Gamma ; \Delta, v{:}A \oplus B \vdash (\mathsf{case}\ v\ \mathsf{of}\ \mathsf{inl}\,u_1 \Rightarrow P_1 \mid \mathsf{inr}\,u_2 \Rightarrow P_2) * J}\ {\oplus}E$$

□


With theorem 2.25 we have fulfilled the principal reason for introducing the natural deduction calculus, which was to produce more perspicuous proof objects. The extraction of the natural deduction proof is in fact extremely systematic, requiring no appeals to complex procedures such as cut elimination on derivations. In the next section we shall go in the opposite direction, producing sequent derivations out of natural deduction proofs. This direction is considerably less systematic, requiring appeals to cut elimination at several points. This should not be surprising, because the sequent proofs in fact correspond to canonical (β-normal, η-long) natural deduction proofs, but there are more natural deduction proofs than sequent proofs.


2.2.2  From  natural  deduction  to  the  sequent  calculus 


In  this  section  we  will  construct  sequent  derivations  out  of  natural  deduction  proofs  in 
a  constructive  fashion.  It  is  not  directly  relevant  for  the  purposes  of  building  a  theorem 
prover  because  we  never  search  for  natural  deduction  proof  objects;  however,  it  will 
establish  the  soundness  of  the  natural  deduction  calculus  with  respect  to  the  sequent 
calculus,  validating  our  choice  to  present  proofs  in  the  natural  deduction  style. 

Definition  2.26  (Natural  deduction  proofs  to  sequent  derivations).  We  define  the  translation 
from  hypothetical  natural  deduction  judgements  to  sequent  derivations  using  the  following 
inference  rules. 


$$\begin{gathered}
\frac{}{\Gamma ; u{:}A \vdash u : A \longrightarrow \mathrm{id}(u{:}A)}\ {\longrightarrow}\mathrm{hyp}
\qquad
\frac{}{\Gamma, u{:}A ; \cdot \vdash u : A \longrightarrow \mathrm{copy}(v.\,\mathrm{id}(v{:}A) ; u{:}A)}\ {\longrightarrow}\mathrm{hyp!}
\qquad
\frac{\Gamma ; \Delta \vdash M : A\ \mathit{res} \longrightarrow D}{\Gamma ; \Delta \vdash M \div A\ \mathit{poss} \longrightarrow \mathrm{poss}(D)}\ {\longrightarrow}\mathrm{poss}
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \longrightarrow D \quad \Gamma ; \Delta' \vdash N : B \longrightarrow D'}{\Gamma ; \Delta, \Delta' \vdash M \otimes N : A \otimes B \longrightarrow {\otimes}R(D, D' ; A \otimes B)}\ {\longrightarrow}{\otimes}I
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \otimes B \longrightarrow D \quad \Gamma ; \Delta', u{:}A, v{:}B \vdash P * J \longrightarrow \mathcal{E}}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ u \otimes v = M\ \mathsf{in}\ P) * J \longrightarrow D +_{w{:}A \otimes B} {\otimes}L(u.\,v.\,\mathcal{E} ; w{:}A \otimes B)}\ {\longrightarrow}{\otimes}E
\\[1ex]
\frac{\Gamma ; \Delta, u{:}A \vdash M : B \longrightarrow D}{\Gamma ; \Delta \vdash \lambda u.\,M : A \multimap B \longrightarrow {\multimap}R(u.\,D ; A \multimap B)}\ {\longrightarrow}{\multimap}I
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \multimap B \longrightarrow D \quad \Gamma ; \Delta' \vdash N : A \longrightarrow \mathcal{E}}{\Gamma ; \Delta, \Delta' \vdash (M\,N) : B \longrightarrow D +_{w{:}A \multimap B} (\mathcal{E} +_{u{:}A} {\multimap}L(\mathrm{id}(u{:}A), v.\,\mathrm{id}(v{:}B) ; w{:}A \multimap B))}\ {\longrightarrow}{\multimap}E
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \longrightarrow D \quad \Gamma ; \Delta \vdash N : B \longrightarrow D'}{\Gamma ; \Delta \vdash \langle M, N \rangle : A \& B \longrightarrow {\&}R(D, D' ; A \& B)}\ {\longrightarrow}{\&}I
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \& B \longrightarrow D}{\Gamma ; \Delta \vdash (\mathsf{fst}\ M) : A \longrightarrow D +_{v{:}A \& B} {\&}L_1(u.\,\mathrm{id}(u{:}A) ; v{:}A \& B)}\ {\longrightarrow}{\&}E_1
\qquad
\frac{\Gamma ; \Delta \vdash M : A \& B \longrightarrow D}{\Gamma ; \Delta \vdash (\mathsf{snd}\ M) : B \longrightarrow D +_{v{:}A \& B} {\&}L_2(u.\,\mathrm{id}(u{:}B) ; v{:}A \& B)}\ {\longrightarrow}{\&}E_2
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \longrightarrow D}{\Gamma ; \Delta \vdash (\mathsf{inl}\ M) : A \oplus B \longrightarrow {\oplus}R_1(D ; A \oplus B)}\ {\longrightarrow}{\oplus}I_1
\qquad
\frac{\Gamma ; \Delta \vdash M : B \longrightarrow D}{\Gamma ; \Delta \vdash (\mathsf{inr}\ M) : A \oplus B \longrightarrow {\oplus}R_2(D ; A \oplus B)}\ {\longrightarrow}{\oplus}I_2
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : A \oplus B \longrightarrow D \quad \Gamma ; \Delta', u{:}A \vdash P * J \longrightarrow \mathcal{E}_1 \quad \Gamma ; \Delta', v{:}B \vdash Q * J \longrightarrow \mathcal{E}_2}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{case}\ M\ \mathsf{of}\ \mathsf{inl}\,u \Rightarrow P \mid \mathsf{inr}\,v \Rightarrow Q) * J \longrightarrow D +_{w{:}A \oplus B} {\oplus}L(u.\,\mathcal{E}_1, v.\,\mathcal{E}_2 ; w{:}A \oplus B)}\ {\longrightarrow}{\oplus}E
\\[1ex]
\frac{}{\Gamma ; \Delta \vdash () : \top \longrightarrow {\top}R}\ {\longrightarrow}{\top}I
\qquad
\frac{\Gamma ; \Delta \vdash M : 0 \longrightarrow D}{\Gamma ; \Delta \vdash (\mathsf{abort}\ M) * J \longrightarrow D +_{u{:}0} 0L(u{:}0)}\ {\longrightarrow}0E
\\[1ex]
\frac{\Gamma ; \cdot \vdash M : A \longrightarrow D}{\Gamma ; \cdot \vdash !M : !A \longrightarrow {!}R(D ; !A)}\ {\longrightarrow}{!}I
\qquad
\frac{\Gamma ; \Delta \vdash M : !A \longrightarrow D \quad \Gamma, u{:}A ; \Delta' \vdash P * J \longrightarrow \mathcal{E}}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ !u = M\ \mathsf{in}\ P) * J \longrightarrow D +_{v{:}!A} {!}L(u.\,\mathcal{E} ; v{:}!A)}\ {\longrightarrow}{!}E
\\[1ex]
\frac{\Gamma ; \Delta \vdash E \div A\ \mathit{poss} \longrightarrow D}{\Gamma ; \Delta \vdash ?E : ?A \longrightarrow {?}R(D ; ?A)}\ {\longrightarrow}{?}I
\qquad
\frac{\Gamma ; \Delta \vdash M : ?A \longrightarrow D \quad \Gamma ; u{:}A \vdash E \div C\ \mathit{poss} \longrightarrow \mathcal{E}}{\Gamma ; \Delta \vdash (\mathsf{let}\ ?u = M\ \mathsf{in}\ E) \div C\ \mathit{poss} \longrightarrow D +_{v{:}?A} {?}L(u.\,\mathcal{E} ; v{:}?A)}\ {\longrightarrow}{?}E
\\[1ex]
\frac{\Gamma ; \Delta \vdash [a/x]M : [a/x]A \longrightarrow D}{\Gamma ; \Delta \vdash (\lambda x.\,M) : \forall x.\,A \longrightarrow {\forall}R(a.\,D ; \forall x.\,A)}\ {\longrightarrow}{\forall}I
\qquad
\frac{\Gamma ; \Delta \vdash M : \forall x.\,A \longrightarrow D}{\Gamma ; \Delta \vdash (M \cdot t) : [t/x]A \longrightarrow D +_{v{:}\forall x.\,A} {\forall}L(u.\,\mathrm{id}(u{:}[t/x]A), t ; v{:}\forall x.\,A)}\ {\longrightarrow}{\forall}E
\\[1ex]
\frac{\Gamma ; \Delta \vdash M : [t/x]A \longrightarrow D}{\Gamma ; \Delta \vdash [t, M] : \exists x.\,A \longrightarrow {\exists}R(D, t ; \exists x.\,A)}\ {\longrightarrow}{\exists}I
\qquad
\frac{\Gamma ; \Delta \vdash M : \exists x.\,A \longrightarrow D \quad \Gamma ; \Delta', u{:}[a/x]A \vdash P * J \longrightarrow \mathcal{E}}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ [a, u] = M\ \mathsf{in}\ P) * J \longrightarrow D +_{v{:}\exists x.\,A} {\exists}L(a.\,u.\,\mathcal{E} ; v{:}\exists x.\,A)}\ {\longrightarrow}{\exists}E
\end{gathered}$$


Theorem 2.27 (Soundness of natural deduction). If $\Gamma ; \Delta \vdash P * J$, then there exists $D$ such that $\Gamma ; \Delta \vdash P * J \longrightarrow D$ and $D :: \Gamma ; \Delta \Longrightarrow J$.

Proof. By induction on the structure of the given natural deduction proof. The following is a representative case.

$$\frac{\Gamma ; \Delta \vdash M : A \multimap B \quad \Gamma ; \Delta' \vdash N : A}{\Gamma ; \Delta, \Delta' \vdash (M\,N) : B}\ {\multimap}E$$

$$\begin{array}{ll}
D :: \Gamma ; \Delta \Longrightarrow A \multimap B \ \text{ and }\ \mathcal{E} :: \Gamma ; \Delta' \Longrightarrow A & \text{i.h.} \\
\mathrm{id}(u{:}A) :: \Gamma ; u{:}A \Longrightarrow A & \text{theorem 2.19} \\
\mathrm{id}(v{:}B) :: \Gamma ; v{:}B \Longrightarrow B & \text{theorem 2.19} \\
\mathcal{F} = {\multimap}L(\mathrm{id}(u{:}A), v.\,\mathrm{id}(v{:}B) ; w{:}A \multimap B) :: \Gamma ; u{:}A, w{:}A \multimap B \Longrightarrow B & {\multimap}L \\
\mathcal{E} +_{u{:}A} \mathcal{F} :: \Gamma ; \Delta', w{:}A \multimap B \Longrightarrow B & \text{theorem 2.21} \\
D +_{w{:}A \multimap B} (\mathcal{E} +_{u{:}A} \mathcal{F}) :: \Gamma ; \Delta, \Delta' \Longrightarrow B & \text{theorem 2.21}
\end{array}$$

The remaining cases can be easily verified using definition 2.26. □


The computation in definition 2.26, although systematic, uses the powerful cut-admissibility theorem in nearly every case. Nearly every case therefore causes the overall sequent derivation to be globally rewritten. Nonetheless, we are mainly interested in the logical import of this translation, i.e., the following powerful completeness statement about the sequent calculus: every theorem in natural deduction has a cut-free sequent calculus proof, and this statement itself can be shown constructively.


2.2.3  Normal  forms 

The natural deduction calculus of the previous section admits proofs that have unfinished local reductions inside them. The translation of sequent calculus derivations into natural deduction proofs, however, never introduces any redexes, and so the constructed proof term is β-normal. In this section, we formalise the notion of a normal natural deduction proof, and further give an algorithm for normalising proof terms. The algorithm presented for normalisation will be a straightforward constructive proof of the malleability of linear logic.

We follow the general schema outlined by Prawitz [97] by describing normal proofs as those that consist of two halves. One half reasons by deconstructing hypotheses into their component judgements using elimination rules; in this half, information flows from the premisses of an inference rule to the conclusion of the rule. The other half assembles information about the conclusion from information about the premisses using introduction rules; in this half the reasoning proceeds from the conclusion of a rule to its premisses. These two halves meet at a point where available information from the top half satisfies the reasoning required by the bottom half.

More  formally,  we  annotate  hypothetical  judgements  in  natural  deduction  with  a 
directionality: 

$$\begin{array}{ll}
\Gamma ; \Delta \vdash c \uparrow J & \text{normal derivations} \\
\Gamma ; \Delta \vdash i \downarrow A\ \mathit{res} & \text{atomic derivations}
\end{array}$$

We add a new judgemental rule of coercion that allows an atomic derivation to be a normal derivation. The rules of this calculus are summarized below; the syntax of normal and atomic proof terms, written using the meta variables $c, d, \ldots$ and $i, j, \ldots$ respectively, can be read off from the inference rules. As before, we adopt $J$ to stand schematically for either the form $A\ \mathit{res}$ or $A\ \mathit{poss}$.


Judgemental rules

$$\frac{}{\Gamma ; u{:}A \vdash u \downarrow A}\ \mathrm{hyp}
\qquad
\frac{}{\Gamma, u{:}A ; \cdot \vdash u \downarrow A}\ \mathrm{hyp!}
\qquad
\frac{\Gamma ; \Delta \vdash c \uparrow A\ \mathit{res}}{\Gamma ; \Delta \vdash c \uparrow A\ \mathit{poss}}\ \mathrm{poss}
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow A\ \mathit{res}}{\Gamma ; \Delta \vdash i \uparrow A\ \mathit{res}}\ \mathrm{coerce}$$

Multiplicative rules

$$\frac{\Gamma ; \Delta_1 \vdash c \uparrow A \quad \Gamma ; \Delta_2 \vdash d \uparrow B}{\Gamma ; \Delta_1, \Delta_2 \vdash (c \otimes d) \uparrow A \otimes B}\ {\otimes}I
\qquad
\frac{\Gamma ; \Delta_1 \vdash i \downarrow A \otimes B \quad \Gamma ; \Delta_2, u{:}A, v{:}B \vdash c \uparrow J}{\Gamma ; \Delta_1, \Delta_2 \vdash (\mathsf{let}\ u \otimes v = i\ \mathsf{in}\ c) \uparrow J}\ {\otimes}E$$

$$\frac{}{\Gamma ; \cdot \vdash * \uparrow 1}\ 1I
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow 1 \quad \Gamma ; \Delta' \vdash c \uparrow J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ * = i\ \mathsf{in}\ c) \uparrow J}\ 1E$$

$$\frac{\Gamma ; \Delta, u{:}A \vdash c \uparrow B}{\Gamma ; \Delta \vdash (\lambda u.\,c) \uparrow A \multimap B}\ {\multimap}I
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow A \multimap B \quad \Gamma ; \Delta' \vdash c \uparrow A}{\Gamma ; \Delta, \Delta' \vdash (i\,c) \downarrow B}\ {\multimap}E$$

Additive rules

$$\frac{\Gamma ; \Delta \vdash c \uparrow A \quad \Gamma ; \Delta \vdash d \uparrow B}{\Gamma ; \Delta \vdash \langle c, d \rangle \uparrow A \& B}\ {\&}I
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow A \& B}{\Gamma ; \Delta \vdash (\mathsf{fst}\ i) \downarrow A}\ {\&}E_1
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow A \& B}{\Gamma ; \Delta \vdash (\mathsf{snd}\ i) \downarrow B}\ {\&}E_2$$

$$\frac{\Gamma ; \Delta \vdash c \uparrow A}{\Gamma ; \Delta \vdash (\mathsf{inl}\ c) \uparrow A \oplus B}\ {\oplus}I_1
\qquad
\frac{\Gamma ; \Delta \vdash c \uparrow B}{\Gamma ; \Delta \vdash (\mathsf{inr}\ c) \uparrow A \oplus B}\ {\oplus}I_2$$

$$\frac{\Gamma ; \Delta \vdash i \downarrow A \oplus B \quad \Gamma ; \Delta', u{:}A \vdash c \uparrow J \quad \Gamma ; \Delta', v{:}B \vdash d \uparrow J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{case}\ i\ \mathsf{of}\ \mathsf{inl}\,u \Rightarrow c \mid \mathsf{inr}\,v \Rightarrow d) \uparrow J}\ {\oplus}E$$

$$\frac{}{\Gamma ; \Delta \vdash () \uparrow \top}\ {\top}I
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow 0}{\Gamma ; \Delta \vdash (\mathsf{abort}\ i) \uparrow J}\ 0E$$

Exponential rules

$$\frac{\Gamma ; \cdot \vdash c \uparrow A}{\Gamma ; \cdot \vdash (!c) \uparrow !A}\ {!}I
\qquad
\frac{\Gamma ; \Delta \vdash c \uparrow A\ \mathit{poss}}{\Gamma ; \Delta \vdash ?c \uparrow ?A}\ {?}I$$

$$\frac{\Gamma ; \Delta \vdash i \downarrow !A \quad \Gamma, u{:}A ; \Delta' \vdash c \uparrow J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ !u = i\ \mathsf{in}\ c) \uparrow J}\ {!}E
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow ?A \quad \Gamma ; u{:}A \vdash c \uparrow B\ \mathit{poss}}{\Gamma ; \Delta \vdash (\mathsf{let}\ ?u = i\ \mathsf{in}\ c) \uparrow B\ \mathit{poss}}\ {?}E$$

Quantifier rules

$$\frac{\Gamma ; \Delta \vdash ([a/x]c) \uparrow [a/x]A}{\Gamma ; \Delta \vdash (\lambda x.\,c) \uparrow \forall x.\,A}\ {\forall}I
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow \forall x.\,A}{\Gamma ; \Delta \vdash (i \cdot t) \downarrow [t/x]A}\ {\forall}E$$

$$\frac{\Gamma ; \Delta \vdash ([t/x]c) \uparrow [t/x]A}{\Gamma ; \Delta \vdash [t, c] \uparrow \exists x.\,A}\ {\exists}I
\qquad
\frac{\Gamma ; \Delta \vdash i \downarrow \exists x.\,A \quad \Gamma ; \Delta', u{:}[a/x]A \vdash c \uparrow J}{\Gamma ; \Delta, \Delta' \vdash (\mathsf{let}\ [a, u] = i\ \mathsf{in}\ c) \uparrow J}\ {\exists}E$$

Theorem 2.28 (Substitution).

1. If $\Gamma ; \Delta \vdash i \downarrow A$ and

   (a) $\Gamma ; \Delta', u{:}A \vdash c \uparrow J$, then $\Gamma ; \Delta, \Delta' \vdash [i/u]c \uparrow J$.

   (b) $\Gamma ; \Delta', u{:}A \vdash j \downarrow C$, then $\Gamma ; \Delta, \Delta' \vdash [i/u]j \downarrow C$.

2. If $\Gamma ; \cdot \vdash i \downarrow A$ and

   (a) $\Gamma, u{:}A ; \Delta \vdash c \uparrow J$, then $\Gamma ; \Delta \vdash [i/u]c \uparrow J$.

   (b) $\Gamma, u{:}A ; \Delta \vdash j \downarrow C$, then $\Gamma ; \Delta \vdash [i/u]j \downarrow C$.

3. If $\Gamma ; \Delta \vdash c \uparrow A\ \mathit{poss}$ and $\Gamma ; u{:}A \vdash d \uparrow C\ \mathit{poss}$, then $\Gamma ; \Delta \vdash \langle c/u \rangle d \uparrow C\ \mathit{poss}$.

Proof. Induction on the structure of the second derivation in (1) and (2), and on the first derivation in (3). □

Theorem 2.29 (Soundness of normal derivations).

1. If $\Gamma ; \Delta \vdash c \uparrow J$, then $\Gamma ; \Delta \vdash c * J$.

2. If $\Gamma ; \Delta \vdash i \downarrow C$, then $\Gamma ; \Delta \vdash i : C$.

Proof. Induction on the structure of the given derivations. □


We already have enough machinery to prove the existence of normal forms of natural deduction proofs: we construct a sequent derivation using theorem 2.27, then use theorem 2.25 to give us a natural deduction proof term for that sequent derivation, then observe that definition 2.24 only creates normal proof terms.


Theorem 2.30 (Normal forms from sequent derivations). If $D :: \Gamma ; \Delta \Longrightarrow J$, then $D \hookrightarrow c$ such that $\Gamma ; \Delta \vdash c \uparrow J$.

Proof. Theorem 2.25 and inspection of definition 2.24. □

Theorem 2.31 (Existence of normal forms). If $\Gamma ; \Delta \vdash P * J$, then there exists a $c$ such that $\Gamma ; \Delta \vdash c \uparrow J$.

Proof. Let $D$ be such that $\Gamma ; \Delta \vdash P * J \longrightarrow D$. By theorem 2.27, $D :: \Gamma ; \Delta \Longrightarrow J$. Then use theorem 2.30. □


It  is  possible  to  prove  this  more  directly  using  a  proof  normalisation  algorithm. 


2.3  Historical  review 

A brief note on the genealogy of this presentation of linear logic. We trace the idea of dividing the hypotheses into an unrestricted and a linear zone back to Andreoli [2] for what he called a "dyadic system" for (classical) linear logic. This idea has seen considerable use since then: Hodas and Miller in the setting of logic programming in the uniform fragment [56], Benton et al. for linear term calculi [13]; more recently by Barber and Plotkin for the system DILL [11], Polakow and Pfenning for ordered logic [96, 95], and Howe in the setting of focused (backward) proof search for linear logic [57]. (The last of these unfortunately does not address the problem of focused proof-search in the two-zone setting, but rather uses it only to establish soundness and completeness of a one-zone focusing system, with explicit dereliction and promotion rules for modal contexts of the form $!\Gamma$.)
The natural deduction formulation of linear logic, particularly the form of the substitution (defn. 2.23), is essentially lifted from the judgemental reconstruction of modal logic by Pfenning and Davies [94].

The sequent calculus presented in this chapter with the ? connective is a first-order extension of JILL (Judgemental Intuitionistic Linear Logic) [27]. In JILL, it is possible to interpret the classical linear logic, classical affine logic (i.e., CLL + arbitrary weakening), and the mysterious linear MIX rules (introduced by Girard [42]) using uniform parametric translations.


Chapter summary In this chapter we have presented the (backward) sequent calculus for first-order intuitionistic linear logic, together with two modal extensions (truth and possibility), and proven the cut-elimination theorem. We have also presented a natural deduction formulation for this logic which is used to derive proofs from the sequent calculus for presentational purposes.

The sequent calculus of this chapter will be the yardstick (for soundness and completeness) for the forward sequent calculi in subsequent chapters. The next chapter introduces the first of these forward calculi for the propositional fragment of the logic.
Chapter 3

Forward reasoning in the propositional fragment

We shall now begin our investigation into the use of the sequent calculus for automated reasoning in various fragments of linear logic. The first fragment we pick is the propositional fragment without possibility, i.e., $\{\otimes, 1, \&, \top, \oplus, 0, !\}$. The formulation in this chapter can be readily extended to include possibility.


We begin by examining the problem of resource non-determinism in the backward sequent calculus presented in chapter 2.1, where we start with a given goal sequent and use the inference rules of the logic in the backward direction in order to refine the goals until we are left with axiomatic or initial sequents. Because this search direction starts from the goal sequent, it is sometimes also called "goal-directed" search.


The purpose of the backward search strategy will be to present a key difficulty, multiplicative non-determinism, and motivate a forward search strategy that avoids this difficulty. The forward search strategy will use a forward version of the sequent calculus. It shall start from known facts, and iteratively use the rules of the forward calculus to generate new facts, with the goal of eventually discovering a proof of the goal. The kind of forward reasoning used—the inverse method [73, 116]—also merits the description "goal-directed" because it restricts all rule applications to subformulas of the goal sequent, using a strong subformula property of the sequent calculus.
3.1 Resource management

The novelty in automated reasoning in linear logic lies in handling resources efficiently - the resource management problem. We can trace the origin of this problem to the lack of structural weakening and contraction; indeed, without these rules linear logic with multiplicatives, additives and exponentials becomes undecidable, even for the propositional case. We can recognize the following two classes of resource management problems.

Structural non-determinism, which occurs for unrestricted resources, and the linear resources in the rules for the additive units, such as $\top$:

$$\frac{}{\Gamma ; \Delta \Longrightarrow \top}\ {\top}R$$

For these rules, the conclusion sequent contains resources that do not occur structurally in the (possibly non-existent) premisses. Thus, a forward reading of these rules has to invent this context using extra-logical means, a futile approach in general because of the lack of a decision procedure. Fortunately, a clean solution exists for this problem, which we explain in section 3.2.2. Note that structural non-determinism is completely absent in the backward direction because of the subformula property: all elements in the premiss of an inference rule occur in the conclusion of the rule, possibly as subformulas.

Multiplicative non-determinism, which arises from multiplicative rules with more than one premiss, for example for $\otimes R$:

$$\frac{\Delta \Longrightarrow A \quad \Delta' \Longrightarrow B}{\Delta, \Delta' \Longrightarrow A \otimes B}\ {\otimes}R$$


Absent  weakening,  in  the  backward  direction  such  rules  must  infer  a  division  (into  A  and 
A'  above)  of  the  linear  resources  of  the  conclusion  to  distribute  into  the  premisses.  Note 
that  this  kind  of  non-determinism  does  not  exist  in  a  forward  reading,  where  we  simply 
conjoin  the  resources  of  the  premisses  to  construct  the  conclusion. 

In the domain of top-down linear logic programming—refining goals by applying inference rules in the backward direction until they become initial (e.g. Lolli [55] or Lygon [118])—approaches to combating this kind of non-determinism fall into two broad kinds. The first kind commit to an input-output interpretation of hypotheses. For the $\otimes R$ rule for example, proof search proceeds eagerly along the first premiss until it reaches the initial sequents with some unconsumed resources. These unconsumed resources then form the linear context for the second branch of the derivation tree corresponding to the second premiss. Proof search therefore becomes completely deterministic, though not free of complications. For example, when attempting to prove $\top \otimes A$, the first branch can consume an arbitrary number of resources; thus an unprincipled implementation of the input-output idea will continue to involve a potentially exponential number of backtracking operations. As a possible answer to such complications, Cervesato et al. [23] refine the sequent judgement with Boolean "strictness" flags and add a context of strict resources, which adequately solves the resource management problems for linear logic programming.

Approaches of the second kind perform general search with constraint solving. For example, in [49], Boolean flags mark uses of resources, with inference rules guarded by constraints on these Boolean flags. Particular proof strategies then correspond to particular solutions for these constraint problems. In fact, we may view the first kind of approach as a kind of solution to the constraint problem, where the Boolean constraints encode the input-output interpretation. Without detailing such constraint-based resource management systems, we refer to the work of Harland, Pym and Winikoff, now almost a decade old [48, 50].

Interestingly, the rules for the additive units present significant problems in the backward direction also. For the input-output interpretation, the additive unit $\top$ can "consume" an arbitrary number of resources in its branch of the proof. Thus, proving $\top \otimes A$ may require backtracking if search proceeds down the $\top$ branch first without determining the number of resources needed for the other branch. For a more complete discussion, see [23]. The problem of structural non-determinism thus exists in both forward and backward reasoning, but the nature—invention of unknown resources in the forward direction, and allocation/garbage-collection of resources in the backward direction—differs sufficiently that we cannot immediately adapt resource management approaches for the latter to the former.

Other non-deterministic choices do exist during proof search, but they do not share the peculiar nature of resource management problems, and certainly occur for ordinary (non-linear) logic also. For example, disjunctive non-determinism for connectives with multiple introduction rules (on the left or right); conjunctive non-determinism for multi-premiss rules, where the order of exploration affects search in significant ways. In the forward direction, conjunctive non-determinism arises from saturation-based—i.e., fair—search, a necessity to ensure completeness, and various other possibilities. Because of the standard nature of these problems, we refer readers to the Handbook article on the inverse method [35].


3.2  Forward  Sequent  Calculus 

3.2.1  Multiplicative  exponential  linear  logic 

First let us consider the problem of multiplicative non-determinism. As noted earlier, multiplicative resource non-determinism does not occur at all in the forward reading of such inference rules, where we start with the sequents involving linear contexts $\Delta$ and $\Delta'$, and conclude a sequent involving $\Delta, \Delta'$. For the purely multiplicative fragment of linear logic, i.e., $\otimes$, $1$ and $\multimap$, the backward rules are, in fact, already sufficient for forward reasoning, so we add the first complicating factor: the $!$ exponential. This fragment is sometimes called MELL (multiplicative exponential linear logic), and as of this writing the decision problem for it is unknown, though it is at least NP-hard.¹

This fragment, although severely restricted because of the lack of alternation or any way of expressing choice, is expressive enough for a variety of uses. Let us consider a motivating example of coin changing, where we describe the operation of turning two nickels into a dime as:

$$\mathit{nickel} \otimes \mathit{nickel} \multimap \mathit{dime} \qquad (R_1)$$

Some more simple rules for coin transformations:

$$\begin{aligned}
\mathit{nickel} &\multimap \mathit{penny} \otimes \mathit{penny} \otimes \mathit{penny} \otimes \mathit{penny} \otimes \mathit{penny} && (R_2) \\
\mathit{quarter} &\multimap \mathit{dime} \otimes \mathit{dime} \otimes \mathit{nickel} && (R_3) \\
\mathit{dollar} &\multimap \mathit{quarter} \otimes \mathit{quarter} \otimes \mathit{quarter} \otimes \mathit{quarter} && (R_4)
\end{aligned}$$

We may then ask a query of the form:

$$\mathit{quarter} \otimes \mathit{nickel} \multimap \mathit{dime} \otimes \mathit{dime} \otimes \mathit{dime} \qquad (C)$$

¹This is based on the complexity of the $\{\otimes, 1, \multimap\}$ fragment, which can be used to encode Petri-net reachability, which in turn can be verified in polynomial time.
which we intend to prove using the transition rules $R_1$, $R_2$, $R_3$ and $R_4$ any number of times. In other words, our goal sequent is:

$$\underbrace{R_1, R_2, R_3, R_4}_{\Gamma_0} ; \cdot \Longrightarrow C$$

The derivation of the above goal sequent is as follows (writing $n$, $d$ and $q$ for nickel, dime and quarter; each sequent is obtained from the cited sequents by the rule named):

$$\begin{array}{rll}
(1) & \Gamma_0 ; n, n \Longrightarrow n \otimes n & {\otimes}R \text{ on two init sequents} \\
(2) & \Gamma_0 ; d, d, d \Longrightarrow d \otimes d \otimes d & {\otimes}R \text{ on init sequents} \\
(3) & \Gamma_0 ; n, d, d, n, n \otimes n \multimap d \Longrightarrow d \otimes d \otimes d & {\multimap}L \text{ from (1), (2)} \\
(4) & \Gamma_0 ; n, d, d, n \Longrightarrow d \otimes d \otimes d & \text{copy: } R_1 \text{ from (3)} \\
(5) & \Gamma_0 ; n, d \otimes d \otimes n \Longrightarrow d \otimes d \otimes d & {\otimes}L, {\otimes}L \text{ from (4)} \\
(6) & \Gamma_0 ; q \Longrightarrow q & \text{init} \\
(7) & \Gamma_0 ; q, n, q \multimap d \otimes d \otimes n \Longrightarrow d \otimes d \otimes d & {\multimap}L \text{ from (6), (5)} \\
(8) & \Gamma_0 ; q, n \Longrightarrow d \otimes d \otimes d & \text{copy: } R_3 \text{ from (7)} \\
(9) & \Gamma_0 ; q \otimes n \Longrightarrow d \otimes d \otimes d & {\otimes}L \text{ from (8)} \\
(10) & \Gamma_0 ; \cdot \Longrightarrow C & {\multimap}R \text{ from (9)}
\end{array}$$

We use the single sequent arrow $\longrightarrow$ to represent sequents in the forward direction, but the structure and judgements carry over from the backward calculus of chapter 2.1. In the forward direction, the initial sequents cannot construct the unrestricted contexts because the "init" rule has no premisses. Forward initial sequents therefore leave the unrestricted zone blank:

$$\frac{}{\cdot ; p \longrightarrow p}\ \mathrm{init}$$

In the "copy" rule in the forward direction, we can no longer assume that the copied resource is already present in the unrestricted context. We therefore simply add it to the unrestricted context.

$$\frac{\Gamma ; \Delta, A \longrightarrow C}{\Gamma, A ; \Delta \longrightarrow C}\ \mathrm{copy}$$

Of course, if the same resource was copied twice, then we will end up with two versions of $A$ in the unrestricted zone. Thus we add an explicit rule of factoring (contraction) in the forward direction:

$$\frac{\Gamma, A, A ; \Delta \longrightarrow C}{\Gamma, A ; \Delta \longrightarrow C}\ \mathrm{factor}$$
We record factoring in the derivations using the syntax $\mathrm{factor}(u.\,v.\,D_f ; w{:}A)$, where $u$ and $v$ are the bound labels for the unrestricted resources in $D_f$ that are factored into $w{:}A$.

Multiple branches of the derivation will therefore have different compositions of the unrestricted context, so in a binary rule it is no longer possible to require the unrestricted contexts in the two premisses to be identical. We remedy this by combining the unrestricted contexts of the premisses multiplicatively, and let factoring take care of duplicates.

$$\frac{\Gamma ; \Delta \longrightarrow A \quad \Gamma' ; \Delta' \longrightarrow B}{\Gamma, \Gamma' ; \Delta, \Delta' \longrightarrow A \otimes B}\ {\otimes}R$$
The example derivation from before in the forward direction is therefore as follows.

$$\begin{array}{rll}
(1) & \cdot ; n, n \longrightarrow n \otimes n & {\otimes}R \text{ on two init sequents} \\
(2) & \cdot ; d, d, d \longrightarrow d \otimes d \otimes d & {\otimes}R \text{ on init sequents} \\
(3) & \cdot ; n, d, d, n, n \otimes n \multimap d \longrightarrow d \otimes d \otimes d & {\multimap}L \text{ from (1), (2)} \\
(4) & R_1 ; n, d, d, n \longrightarrow d \otimes d \otimes d & \text{copy: } R_1 \text{ from (3)} \\
(5) & R_1 ; n, d \otimes d \otimes n \longrightarrow d \otimes d \otimes d & {\otimes}L, {\otimes}L \text{ from (4)} \\
(6) & \cdot ; q \longrightarrow q & \text{init} \\
(7) & R_1 ; q, n, q \multimap d \otimes d \otimes n \longrightarrow d \otimes d \otimes d & {\multimap}L \text{ from (6), (5)} \\
(8) & R_1, R_3 ; q, n \longrightarrow d \otimes d \otimes d & \text{copy: } R_3 \text{ from (7)} \\
(9) & R_1, R_3 ; q \otimes n \longrightarrow d \otimes d \otimes d & {\otimes}L \text{ from (8)} \\
(10) & R_1, R_3 ; \cdot \longrightarrow C & {\multimap}R \text{ from (9)}
\end{array}$$

Now note that the sequent $R_1, R_3 ; \cdot \Longrightarrow C$ is stronger (in the sense of theorem 2.17) than our required goal sequent $R_1, R_2, R_3, R_4 ; \cdot \Longrightarrow C$.

The $!L$ rule in the forward direction requires a brief note. If the unrestricted resource $A$ is present in the premiss, then we remove it from the unrestricted context in the conclusion, as expected.

$$\frac{\Gamma, A ; \Delta \longrightarrow C}{\Gamma ; \Delta, !A \longrightarrow C}$$

However, it is possible that the resource $A$ is not present in the premiss; in this case we recall that a forward sequent stands for all its weakened forms, and therefore implicitly "weaken" the premiss to produce the required conclusion:

$$\frac{\Gamma ; \Delta \longrightarrow C \quad A \notin \Gamma}{\Gamma ; \Delta, !A \longrightarrow C}$$

These two forms of the $!L$ rule can be written together as follows, where the notation $\Gamma \backslash A$ is the usual multiset difference, i.e., it denotes the operation of removing $A$ from $\Gamma$ if it exists there.

$$\frac{\Gamma ; \Delta \longrightarrow C}{\Gamma \backslash A ; \Delta, !A \longrightarrow C}$$
Summary of the formal system

We pick the following propositional fragment of linear logic.

$$A, B, \ldots ::= p \mid A \otimes B \mid 1 \mid A \multimap B \mid\ !A$$

Forward sequents have the following shape:

$$\underbrace{u_1 : (A_1\ \mathit{unr}), \ldots, u_m : (A_m\ \mathit{unr})}_{\Gamma} ; \underbrace{v_1 : (B_1\ \mathit{res}), \ldots, v_n : (B_n\ \mathit{res})}_{\Delta} \longrightarrow C\ \mathit{goal}.$$

As usual, we leave the hypothesis labels $u$, $v$, etc. and the judgemental labels unr, res and goal out for brevity. We adopt the same syntax of derivations as in the backward calculus of section 2.1.5, but distinguish forward and backward derivations with a subscript $f$ or $b$, respectively. The only rule in the forward direction that does not have a corresponding backward rule is "factor", for which we have an additional syntactic form for the forward direction. Our sequent calculus has the following rules.


Judgemental rules

$$\frac{}{\cdot ; p \longrightarrow p}\ \mathrm{init}
\qquad
\frac{\Gamma ; \Delta, A \longrightarrow C}{\Gamma, A ; \Delta \longrightarrow C}\ \mathrm{copy}
\qquad
\frac{\Gamma, A, A ; \Delta \longrightarrow C}{\Gamma, A ; \Delta \longrightarrow C}\ \mathrm{factor}$$

Logical rules

$$\frac{\Gamma ; \Delta \longrightarrow A \quad \Gamma' ; \Delta' \longrightarrow B}{\Gamma, \Gamma' ; \Delta, \Delta' \longrightarrow A \otimes B}\ {\otimes}R
\qquad
\frac{\Gamma ; \Delta, A, B \longrightarrow C}{\Gamma ; \Delta, A \otimes B \longrightarrow C}\ {\otimes}L$$

$$\frac{}{\cdot ; \cdot \longrightarrow 1}\ 1R
\qquad
\frac{\Gamma ; \Delta \longrightarrow C}{\Gamma ; \Delta, 1 \longrightarrow C}\ 1L$$

$$\frac{\Gamma ; \Delta, A \longrightarrow B}{\Gamma ; \Delta \longrightarrow A \multimap B}\ {\multimap}R
\qquad
\frac{\Gamma ; \Delta \longrightarrow A \quad \Gamma' ; \Delta', B \longrightarrow C}{\Gamma, \Gamma' ; \Delta, \Delta', A \multimap B \longrightarrow C}\ {\multimap}L$$

$$\frac{\Gamma ; \cdot \longrightarrow A}{\Gamma ; \cdot \longrightarrow\ !A}\ {!}R
\qquad
\frac{\Gamma ; \Delta \longrightarrow C}{\Gamma \backslash A ; \Delta, !A \longrightarrow C}\ {!}L$$

Definition 3.1 (Forward derivations to backward derivations). The translation $(-)^\circ$ from
forward to backward derivations mimics the structure of derivations exactly, except for the "factor"
rule, for which we have:

$$(\text{factor}(u.\,v.\,\mathcal{D}_f ; w : A))^\circ = [w/u, w/v](\mathcal{D}_f)^\circ$$

Theorem 3.2 (Soundness of forward derivations).

If $\mathcal{D}_f :: \Gamma ; \Delta \longrightarrow C$, then $(\mathcal{D}_f)^\circ :: \Gamma ; \Delta \Longrightarrow C$.


Proof. Induction on the structure of $\mathcal{D}_f$. The following are two representative cases.

Case.

$$\frac{\mathcal{D}_f :: \Gamma ; \Delta \longrightarrow A \qquad \mathcal{D}'_f :: \Gamma' ; \Delta', u : B \longrightarrow C}{\multimap L(\mathcal{D}_f, u.\,\mathcal{D}'_f ; v : A \multimap B) :: \Gamma, \Gamma' ; \Delta, \Delta', v : A \multimap B \longrightarrow C}\ \multimap L$$

$\Gamma ; \Delta \Longrightarrow A$ (i.h.)

$\Gamma, \Gamma' ; \Delta \Longrightarrow A$ (theorem 2.17)

$\Gamma, \Gamma' ; \Delta', u : B \Longrightarrow C$ (similarly)

$\multimap L((\mathcal{D}_f)^\circ, u.\,(\mathcal{D}'_f)^\circ ; v : A \multimap B) :: \Gamma, \Gamma' ; \Delta, \Delta', v : A \multimap B \Longrightarrow C$ ($\multimap L$)

Case.

$$\frac{\mathcal{D}_f :: \Gamma, u : A, v : A ; \Delta \longrightarrow C}{\text{factor}(u.\,v.\,\mathcal{D}_f ; w : A) :: \Gamma, w : A ; \Delta \longrightarrow C}\ \text{factor}$$

$(\mathcal{D}_f)^\circ :: \Gamma, u : A, v : A ; \Delta \Longrightarrow C$ (i.h.)

$\mathcal{E} = \text{copy}(z.\,\text{id}(z : A) ; w : A) :: \Gamma, w : A ; \cdot \Longrightarrow A$

$\mathcal{E} +_{v:A} (\mathcal{E} +_{u:A} (\mathcal{D}_f)^\circ) :: \Gamma, w : A ; \Delta \Longrightarrow C$ (theorem 2.21) □


The  completeness  theorem  cannot  be  shown  in  such  a  clean  and  constructive  manner 
because  there  are  several  forward  derivations  for  a  given  backward  derivation  and  no 
canonical  way  to  translate  a  backward  to  a  forward  derivation.  Instead,  we  prove  it  as  an 
existential  property. 

Theorem 3.3 (Completeness of forward derivations).

If $\Gamma ; \Delta \Longrightarrow C$, then $\Gamma' ; \Delta \longrightarrow C$ for some $\Gamma' \subseteq \Gamma$.

Proof. Induction on the structure of the derivation of $\mathcal{D}_b :: \Gamma ; \Delta \Longrightarrow C$. The following is a
representative case.

$$\frac{\mathcal{D}_{b1} :: \Gamma ; \Delta \Longrightarrow A \qquad \mathcal{D}_{b2} :: \Gamma ; \Delta', u : B \Longrightarrow C}{\multimap L(\mathcal{D}_{b1}, u.\,\mathcal{D}_{b2} ; v : A \multimap B) :: \Gamma ; \Delta, \Delta', v : A \multimap B \Longrightarrow C}\ \multimap L$$

We know that $\Gamma_1 ; \Delta \longrightarrow A$ and $\Gamma_2 ; \Delta', u : B \longrightarrow C$ for some $\Gamma_1 \subseteq \Gamma$ and $\Gamma_2 \subseteq \Gamma$ by the induction
hypotheses. By $\multimap L$, therefore, $\Gamma_1, \Gamma_2 ; \Delta, \Delta', v : A \multimap B \longrightarrow C$. Because both $\Gamma_1 \subseteq \Gamma$ and
$\Gamma_2 \subseteq \Gamma$, we use "factor" to merge the duplicate propositions in $\Gamma_1$ and $\Gamma_2$ to obtain a
context $\Gamma' \subseteq \Gamma$ for which $\Gamma' ; \Delta, \Delta', v : A \multimap B \longrightarrow C$. □


3.2.2  Extending  with  the  additive  connectives 


As  mentioned  before,  the  additive  units  T  and  0  cause  a  similar  problem  with  the  linear 
context  also: 


$$\frac{}{\Gamma ; \Delta \Longrightarrow \top}\ \top R \qquad \frac{}{\Gamma ; \Delta, \mathbf{0} \Longrightarrow C}\ \mathbf{0}L$$

The arbitrary linear contexts $\Delta$ (and side formula C) do not occur in the (non-existent)
premisses, and can therefore not be deterministically constructed. However, linearity
prevents us from writing simply


because the linear context can not be weakened as needed. (For instance, $\cdot ; \top \longrightarrow \top$ is not
derivable with this rule.)

We  solve  this  problem  by  constructing  the  unknown  portions  of  sequents  as  needed, 
adapting  the  scheme  laid  out  in  the  previous  section  for  the  unrestricted  resources,  allow¬ 
ing  weakening  of  the  linear  resources  for  those  sequents  for  which  it  is  admissible. 

Definition 3.4 (Weak backward sequents). A sequent $\Gamma ; \Delta \Longrightarrow C$ is said to be weak if, assuming
it is valid, the sequent $\Gamma ; \Delta' \Longrightarrow C$ is also valid for all $\Delta' \supseteq \Delta$. A sequent that is not weak is a
strong sequent.

In other words, the following rule is admissible for weak sequents.

$$\frac{\Gamma ; \Delta \Longrightarrow C}{\Gamma ; \Delta, \Delta' \Longrightarrow C}\ \text{linear-weaken}$$
The additive units give rise to weak sequents: $\Gamma ; \Delta \Longrightarrow \top$ and $\Gamma ; \Delta, \mathbf{0} \Longrightarrow C$. More
generally, having a conjunctive $\top$ on the right or a conjunctive $\mathbf{0}$ on the left will make the
sequent weak.

In the forward direction we explicitly keep track of which sequents are weak by means
of a Boolean flag on the linear context.

Definition 3.5 (Forward sequents). A forward sequent has one of the following two forms:

$$\Gamma ; [\Delta]_0 \longrightarrow C \quad \text{(strong sequent)} \qquad\qquad \Gamma ; [\Delta]_1 \longrightarrow \gamma \quad \text{(weak sequent)}$$

Here, $\gamma$ has one of the forms $\cdot$ or C. We will slightly abuse notation by writing $\Gamma ; [\Delta]_w \longrightarrow \gamma$ to
stand for either of the above two forms, using w as a meta-variable for the weakness flag, keeping
in mind that $\Gamma ; [\Delta]_0 \longrightarrow \cdot$ is a disallowed form.

The  correspondence  between  forward  and  backward  sequents  is  stated  in  terms  of 
soundness. 

Definition 3.6 (Soundness of forward sequents).

1. A strong sequent $\Gamma ; [\Delta]_0 \longrightarrow C$ is said to be sound if $\Gamma' ; \Delta \Longrightarrow C$ for any $\Gamma' \supseteq \Gamma$.

2. A weak sequent $\Gamma ; [\Delta]_1 \longrightarrow \gamma$ is said to be sound if $\Gamma' ; \Delta' \Longrightarrow C$ for any $\Gamma' \supseteq \Gamma$, $\Delta' \supseteq \Delta$ and
$C \supseteq \gamma$.

We use $C \supseteq \gamma$ to indicate that either $\gamma = \cdot$ or $\gamma = C$.

The final ingredient required is a subsumption or "weaker than" relation between
forward sequents.

Definition 3.7 (Subsumption).

We define the $\le$ relation between forward sequents as follows.

$$(\Gamma ; [\Delta]_0 \longrightarrow C) \le (\Gamma' ; [\Delta]_0 \longrightarrow C) \quad \text{if } \Gamma' \supseteq \Gamma$$

$$(\Gamma ; [\Delta]_1 \longrightarrow \gamma) \le (\Gamma' ; [\Delta']_w \longrightarrow \gamma') \quad \text{if } \Gamma' \supseteq \Gamma,\ \Delta' \supseteq \Delta,\ \text{and } \gamma' \supseteq \gamma$$

For binary rules, the combination of linear zones will depend on whether the corre­sponding sequent is weak or strong. Consider the backward &R rule, which is additive:

$$\frac{\Gamma ; \Delta \Longrightarrow A \qquad \Gamma ; \Delta \Longrightarrow B}{\Gamma ; \Delta \Longrightarrow A \& B}$$

If both premisses are strong in the forward direction, then this rule can be directly adapted
to the forward direction.

$$\frac{\Gamma ; [\Delta]_0 \longrightarrow A \qquad \Gamma' ; [\Delta]_0 \longrightarrow B}{\Gamma, \Gamma' ; [\Delta]_0 \longrightarrow A \& B}$$

If one premiss is weak and the other strong, the weak resources must be a subset of the
strong resources to remain consistent with the definition of soundness (definition 3.6).

$$\frac{\Gamma ; [\Delta]_0 \longrightarrow A \qquad \Gamma' ; [\Delta']_1 \longrightarrow B \qquad (\Delta' \subseteq \Delta)}{\Gamma, \Gamma' ; [\Delta]_0 \longrightarrow A \& B}$$

If both premisses are weak, then the conclusion is also weak, but what resources are
present in the conclusion? In the ground case, we can simply take the maximal multiplicity
for each proposition in the two premisses, which we write using $\cup$; in other words, if a
resource A occurs m times in $\Delta$ and n times in $\Delta'$, then it occurs $\max(m, n)$ times in $\Delta \cup \Delta'$.
To see that this is sound, simply apply weakening to add the missing copies, equalizing
the linear contexts in the premisses. It is also complete because the maximum represents
the least upper bound.

$$\frac{\Gamma ; [\Delta]_1 \longrightarrow A \qquad \Gamma' ; [\Delta']_1 \longrightarrow B}{\Gamma, \Gamma' ; [\Delta \cup \Delta']_1 \longrightarrow A \& B}$$




Fortunately, we do not need to generalise the &R rules any further to allow weakening
on the right also. Consider, for instance, the following candidate:

$$\frac{\Gamma ; [\Delta]_0 \longrightarrow A \qquad \Gamma' ; [\Delta']_1 \longrightarrow \cdot \qquad (\Delta' \subseteq \Delta)}{\Gamma, \Gamma' ; [\Delta]_1 \longrightarrow A \& B}$$

Here, the conclusion sequent is simply a weakened form of the second premiss, and
therefore is entirely redundant as it will be immediately subsumed in the inverse method
loop (see sec. 4.1.6 for details of this loop).

In the above forms of the &R rule, the difference is in the ways in which the linear
contexts of the input premisses are allowed to be combined. To ease the presentation of
the rules and also to foreshadow the kind of constructions we will require in the first-order
case (in chapter 5), we make a few definitions.
Definition 3.8 (Additive composition). Given two linear contexts with weakness flags, $[\Delta]_w$
and $[\Delta']_{w'}$, we define the additive composition of the contexts, written $[\Delta]_w + [\Delta']_{w'}$, as follows:

$$[\Delta]_w + [\Delta']_{w'} = \begin{cases} [\Delta]_0 & \text{if } w = w' = 0 \text{ and } \Delta = \Delta' \\ [\Delta]_0 & \text{if } w = 0,\ w' = 1 \text{ and } \Delta' \subseteq \Delta \\ [\Delta']_0 & \text{if } w = 1,\ w' = 0 \text{ and } \Delta \subseteq \Delta' \\ [\Delta \cup \Delta']_1 & \text{if } w = w' = 1 \end{cases}$$

Note that the additive composition is a partial function.

We can then write the &R rule in a concise form:

$$\frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta']_{w'} \longrightarrow B}{\Gamma, \Gamma' ; [\Delta]_w + [\Delta']_{w'} \longrightarrow A \& B}\ \&R$$

The implicit understanding is that if the additive composition in the conclusion is not
defined, then the rule is not applicable.
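The additive composition of definition 3.8, the subsumption ordering of definition 3.7 and the concise forward &R rule above, carried out in Python as an added example; this is not code from the thesis or its prover, and the choice to represent propositions as strings and linear contexts as Counter multisets is the example's own.

```python
from collections import Counter
from typing import Optional, Tuple

# Added example (not the thesis's own code). A linear context Δ is a multiset
# of propositions, represented as a Counter from a proposition (a string
# stand-in) to its multiplicity; the weakness flag w is 0 (strong) or 1 (weak).
Ctx = Counter
Flagged = Tuple[Ctx, int]        # [Δ]_w as (context, flag)

def ctx(*props: str) -> Ctx:
    """Build a linear context from a sequence of (possibly repeated) propositions."""
    return Counter(props)

def is_subctx(d1: Ctx, d2: Ctx) -> bool:
    """Multiset inclusion Δ1 ⊆ Δ2: each multiplicity in Δ1 is at most that in Δ2."""
    return all(d2[a] >= n for a, n in d1.items())

def ctx_equal(d1: Ctx, d2: Ctx) -> bool:
    return is_subctx(d1, d2) and is_subctx(d2, d1)

def ctx_union(d1: Ctx, d2: Ctx) -> Ctx:
    """Δ ∪ Δ': the least upper bound, i.e. the maximum multiplicity of each proposition."""
    return Counter({a: max(d1[a], d2[a]) for a in set(d1) | set(d2)})

def additive_compose(f1: Flagged, f2: Flagged) -> Optional[Flagged]:
    """[Δ]_w + [Δ']_w' of definition 3.8; None where the partial function is undefined."""
    (d1, w1), (d2, w2) = f1, f2
    if w1 == 0 and w2 == 0:
        return (d1, 0) if ctx_equal(d1, d2) else None
    if w1 == 0 and w2 == 1:
        return (d1, 0) if is_subctx(d2, d1) else None    # weak resources ⊆ strong ones
    if w1 == 1 and w2 == 0:
        return (d2, 0) if is_subctx(d1, d2) else None
    return (ctx_union(d1, d2), 1)                         # both weak: union, stays weak

# A forward sequent Γ ; [Δ]_w → γ. Γ is a set (duplicates are merged by "factor");
# the goal γ is None for the empty goal "·".
Sequent = Tuple[frozenset, Ctx, int, Optional[str]]

def subsumes(s1: Sequent, s2: Sequent) -> bool:
    """s1 ≤ s2 in the sense of definition 3.7: s2 carries no information beyond s1."""
    g1, d1, w1, c1 = s1
    g2, d2, w2, c2 = s2
    if not g1 <= g2:
        return False
    if w1 == 0:
        # a strong sequent only subsumes strong sequents with the same Δ and goal
        return w2 == 0 and ctx_equal(d1, d2) and c1 == c2
    # weak: Δ and γ may both grow (γ' ⊇ γ means γ = · or γ = γ')
    return is_subctx(d1, d2) and (c1 is None or c1 == c2)

def and_right(s1: Sequent, s2: Sequent) -> Optional[Sequent]:
    """Forward &R: Γ;[Δ]_w → A and Γ';[Δ']_w' → B give Γ,Γ';[Δ]_w+[Δ']_w' → A & B."""
    g1, d1, w1, a = s1
    g2, d2, w2, b = s2
    if a is None or b is None:
        return None          # a premiss with goal · yields only a subsumed conclusion
    composed = additive_compose((d1, w1), (d2, w2))
    if composed is None:
        return None          # composition undefined: the rule is not applicable
    d, w = composed
    return (g1 | g2, d, w, f"({a} & {b})")

if __name__ == "__main__":
    strong = (frozenset({"X"}), ctx("A", "B"), 0, "P")
    weak = (frozenset(), ctx("A"), 1, "Q")
    print(and_right(strong, weak))   # strong conclusion over [A, B]_0
```

The weak-premiss-with-empty-goal candidate discussed above is rejected outright in `and_right`, since its conclusion would only be subsumed in the inverse method loop; every other inapplicability of the rule surfaces as `additive_compose` returning None.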

On the left, we have to include some additional cases for when the required resources
are not actually present in a weak premiss. As an illustrative example, consider $\otimes L$:

$$\frac{\Gamma ; \Delta, A, B \Longrightarrow C}{\Gamma ; \Delta, A \otimes B \Longrightarrow C}$$

In the forward direction, if both A and B are present in the premiss, then the weakness of
the premiss carries through to the conclusion.

$$\frac{\Gamma ; [\Delta, A, B]_0 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_0 \longrightarrow \gamma} \qquad \frac{\Gamma ; [\Delta, A, B]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}$$

For weak premisses, we have three additional possibilities:

$$\frac{\Gamma ; [\Delta, A]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma} \qquad \frac{\Gamma ; [\Delta, B]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma} \qquad \frac{\Gamma ; [\Delta]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}$$

The last of these is actually unnecessary, for $(\Gamma ; [\Delta]_1 \longrightarrow \gamma) \le (\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma)$.

In summary, there is one weakness-agnostic form of the left rule and a pair of
special cases to account for weak sequents. This feature is present whenever we have a
rule that involves a linear resource in a premiss.
Summary of the formal system  The propositions we are now able to support are:

$$A, B, \ldots ::= p \mid A \otimes B \mid \mathbf{1} \mid A \multimap B \mid A \& B \mid \top \mid A \oplus B \mid \mathbf{0} \mid\ !A$$

As usual in sequents we leave out all hypothesis and judgemental labels unless they
are needed to disambiguate. Our syntax for derivations undergoes no change from the
previous section, except to extend it in the obvious way for the new connectives.

For the additive rules, the notation $\gamma \cup \gamma'$ should be interpreted as follows:

$$\gamma \cup \gamma' = \begin{cases} C & \text{if } \gamma = \gamma' = C \\ \gamma' & \text{if } \gamma = \cdot \\ \gamma & \text{if } \gamma' = \cdot \end{cases}$$

Note that $\gamma \supseteq \gamma'$ if there exists $\gamma''$ such that $\gamma = \gamma' \cup \gamma''$.


Judgemental rules

$$\frac{}{\cdot ; [p]_0 \longrightarrow p}\ \text{init} \qquad \frac{\Gamma ; [\Delta, A]_w \longrightarrow \gamma}{\Gamma, A ; [\Delta]_w \longrightarrow \gamma}\ \text{copy} \qquad \frac{\Gamma, A, A ; [\Delta]_w \longrightarrow \gamma}{\Gamma, A ; [\Delta]_w \longrightarrow \gamma}\ \text{factor}$$

Multiplicative rules

$$\frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta']_{w'} \longrightarrow B}{\Gamma, \Gamma' ; [\Delta, \Delta']_{w \vee w'} \longrightarrow A \otimes B}\ \otimes R \qquad \frac{\Gamma ; [\Delta, A, B]_w \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_w \longrightarrow \gamma}\ \otimes L \qquad \frac{\Gamma ; [\Delta, A_i]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A_1 \otimes A_2]_1 \longrightarrow \gamma}\ \otimes L'$$

$$\frac{}{\cdot ; [\cdot]_0 \longrightarrow \mathbf{1}}\ \mathbf{1}R \qquad \frac{\Gamma ; [\Delta]_w \longrightarrow \gamma}{\Gamma ; [\Delta, \mathbf{1}]_w \longrightarrow \gamma}\ \mathbf{1}L$$

$$\frac{\Gamma ; [\Delta, A]_w \longrightarrow B}{\Gamma ; [\Delta]_w \longrightarrow A \multimap B}\ \multimap R \qquad \frac{\Gamma ; [\Delta]_1 \longrightarrow B}{\Gamma ; [\Delta]_1 \longrightarrow A \multimap B}\ \multimap R' \qquad \frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta', B]_{w'} \longrightarrow C}{\Gamma, \Gamma' ; [\Delta, \Delta', A \multimap B]_{w \vee w'} \longrightarrow C}\ \multimap L$$

Additive rules

$$\frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta']_{w'} \longrightarrow B}{\Gamma, \Gamma' ; [\Delta]_w + [\Delta']_{w'} \longrightarrow A \& B}\ \&R \qquad \frac{\Gamma ; [\Delta, A_i]_w \longrightarrow \gamma}{\Gamma ; [\Delta, A_1 \& A_2]_w \longrightarrow \gamma}\ \&L_i \qquad \frac{\Gamma ; [\Delta]_w \longrightarrow A_i}{\Gamma ; [\Delta]_w \longrightarrow A_1 \oplus A_2}\ \oplus R_i$$

$$\frac{\Gamma ; [\Delta, A]_w \longrightarrow \gamma \qquad \Gamma' ; [\Delta', B]_{w'} \longrightarrow \gamma'}{\Gamma, \Gamma' ; ([\Delta]_w + [\Delta']_{w'}), A \oplus B \longrightarrow \gamma \cup \gamma'}\ \oplus L \qquad \frac{\Gamma ; [\Delta]_1 \longrightarrow \gamma \qquad \Gamma' ; [\Delta', B]_{w'} \longrightarrow \gamma'}{\Gamma, \Gamma' ; ([\Delta]_1 + [\Delta']_{w'}), A \oplus B \longrightarrow \gamma \cup \gamma'}\ \oplus L'$$

$$\frac{}{\cdot ; [\cdot]_1 \longrightarrow \top}\ \top R \qquad \frac{}{\cdot ; [\mathbf{0}]_1 \longrightarrow \cdot}\ \mathbf{0}L$$

For the $\oplus L$ rules we use the notational convention that $[\Delta]_w, A = [\Delta, A]_w$.

Exponential rules

$$\frac{\Gamma ; [\cdot]_0 \longrightarrow A}{\Gamma ; [\cdot]_0 \longrightarrow\ !A}\ !R \qquad \frac{\Gamma ; [\Delta]_w \longrightarrow \gamma}{\Gamma \setminus A ; [\Delta, !A]_w \longrightarrow \gamma}\ !L$$

Theorem 3.9 (Soundness of forward derivations).

1. If $\mathcal{D}_f :: \Gamma ; [\Delta]_0 \longrightarrow C$, then $(\mathcal{D}_f)^\circ :: \Gamma ; \Delta \Longrightarrow C$.

2. If $\mathcal{D}_f :: \Gamma ; [\Delta]_1 \longrightarrow \gamma$, then for any $\Delta' \supseteq \Delta$ and $C \supseteq \gamma$, $(\mathcal{D}_f)^\circ :: \Gamma ; \Delta' \Longrightarrow C$.

Proof. By induction on the structure of $\mathcal{D}_f$. The first important case is "factor", where:

$$\frac{\mathcal{D}'_f :: \Gamma, u : A, v : A ; [\Delta]_w \longrightarrow \gamma}{\mathcal{D}_f = \text{factor}(u.\,v.\,\mathcal{D}'_f ; z : A) :: \Gamma, z : A ; [\Delta]_w \longrightarrow \gamma}\ \text{factor}$$

Case: $w = 0$ and $\gamma = C$.

$(\mathcal{D}'_f)^\circ :: \Gamma, u : A, v : A ; \Delta \Longrightarrow C$ (i.h.)

$\mathcal{E} = \text{copy}(x.\,\text{id}(x : A) ; z : A) :: \Gamma, z : A ; \cdot \Longrightarrow A$

$\mathcal{E} +_{v:A} (\mathcal{E} +_{u:A} (\mathcal{D}'_f)^\circ) :: \Gamma, z : A ; \Delta \Longrightarrow C$ (theorem 2.21)

Case: $w = 1$. Let $\Delta' \supseteq \Delta$ and $C \supseteq \gamma$ be given.

$(\mathcal{D}'_f)^\circ :: \Gamma, u : A, v : A ; \Delta' \Longrightarrow C$ (i.h.)

$\mathcal{E} = \text{copy}(x.\,\text{id}(x : A) ; z : A) :: \Gamma, z : A ; \cdot \Longrightarrow A$

$\mathcal{E} +_{v:A} (\mathcal{E} +_{u:A} (\mathcal{D}'_f)^\circ) :: \Gamma, z : A ; \Delta' \Longrightarrow C$ (theorem 2.21)

For the remaining rules of inference, the induction follows a straightforward pattern.
The following is a representative case for a binary right rule.

$$\frac{\mathcal{D}_{f1} :: \Gamma ; [\Delta]_w \longrightarrow A \qquad \mathcal{D}_{f2} :: \Gamma' ; [\Delta']_{w'} \longrightarrow B}{\mathcal{D}_f = \&R(\mathcal{D}_{f1}, \mathcal{D}_{f2} ; A \& B) :: \Gamma, \Gamma' ; [\Delta]_w + [\Delta']_{w'} \longrightarrow A \& B}\ \&R$$

Case: $w = w' = 1$, so $[\Delta]_w + [\Delta']_{w'} = [\Delta \cup \Delta']_1$. Let $\Delta'' \supseteq \Delta \cup \Delta'$ be given, and note that
$\Delta'' \supseteq \Delta$ and $\Delta'' \supseteq \Delta'$.

$(\mathcal{D}_{f1})^\circ :: \Gamma, \Gamma' ; \Delta'' \Longrightarrow A$ (i.h. and theorem 2.17)

$(\mathcal{D}_{f2})^\circ :: \Gamma, \Gamma' ; \Delta'' \Longrightarrow B$ (i.h. and theorem 2.17)

$\&R((\mathcal{D}_{f1})^\circ, (\mathcal{D}_{f2})^\circ ; A \& B) :: \Gamma, \Gamma' ; \Delta'' \Longrightarrow A \& B$ ($\&R$)

Case: $w = 0$ and $w' = 1$. Then, $[\Delta]_w + [\Delta']_{w'}$ is defined and equals $[\Delta]_0$ if $\Delta' \subseteq \Delta$.

$(\mathcal{D}_{f1})^\circ :: \Gamma, \Gamma' ; \Delta \Longrightarrow A$ (i.h. and theorem 2.17)

$(\mathcal{D}_{f2})^\circ :: \Gamma, \Gamma' ; \Delta \Longrightarrow B$ (i.h. and theorem 2.17)

$\&R((\mathcal{D}_{f1})^\circ, (\mathcal{D}_{f2})^\circ ; A \& B) :: \Gamma, \Gamma' ; \Delta \Longrightarrow A \& B$ ($\&R$)

Note that in this case the strengthened form of (2) is necessary when using the
induction hypothesis on $\mathcal{D}_{f2}$ because weakening the linear context is not valid for
backward sequents. The symmetrical case with $w = 1$ and $w' = 0$ follows similarly.

Case: $w = w' = 0$. Then, $[\Delta]_w + [\Delta']_{w'}$ is defined and equals $[\Delta]_0$ if $\Delta = \Delta'$.

$(\mathcal{D}_{f1})^\circ :: \Gamma, \Gamma' ; \Delta \Longrightarrow A$ (i.h. and theorem 2.17)

$(\mathcal{D}_{f2})^\circ :: \Gamma, \Gamma' ; \Delta \Longrightarrow B$ (i.h. and theorem 2.17)

$\&R((\mathcal{D}_{f1})^\circ, (\mathcal{D}_{f2})^\circ ; A \& B) :: \Gamma, \Gamma' ; \Delta \Longrightarrow A \& B$ ($\&R$)

The cases for the remaining right rules closely follow this pattern. For the left rules,
we have one case for the weakness-agnostic forward rule, and several other cases for the
rules specific to weak sequents. The following case is representative of the agnostic rules.


$$\frac{\mathcal{D}'_f :: \Gamma ; [\Delta, u : A, v : B]_w \longrightarrow \gamma}{\mathcal{D}_f = \otimes L(u.\,v.\,\mathcal{D}'_f ; z : A \otimes B) :: \Gamma ; [\Delta, z : A \otimes B]_w \longrightarrow \gamma}\ \otimes L$$

Case: $w = 0$ and $\gamma = C$.

$(\mathcal{D}'_f)^\circ :: \Gamma ; \Delta, u : A, v : B \Longrightarrow C$ (i.h.)

$\otimes L(u.\,v.\,(\mathcal{D}'_f)^\circ ; z : A \otimes B) :: \Gamma ; \Delta, z : A \otimes B \Longrightarrow C$ ($\otimes L$)

Case: $w = 1$. Let $(\Delta', z : A \otimes B) \supseteq (\Delta, z : A \otimes B)$ and $C \supseteq \gamma$ be given.

$(\mathcal{D}'_f)^\circ :: \Gamma ; \Delta', u : A, v : B \Longrightarrow C$ (i.h.)

$\otimes L(u.\,v.\,(\mathcal{D}'_f)^\circ ; z : A \otimes B) :: \Gamma ; \Delta', z : A \otimes B \Longrightarrow C$ ($\otimes L$)

Finally, one case that is representative of the rules specific to weak sequents.

$$\frac{\mathcal{D}'_f :: \Gamma ; [\Delta, u : A]_1 \longrightarrow \gamma}{\mathcal{D}_f = \otimes L'(\mathcal{D}'_f, u, \cdot ; v : A \otimes B) :: \Gamma ; [\Delta, v : A \otimes B]_1 \longrightarrow \gamma}\ \otimes L'$$

Let $(\Delta', v : A \otimes B) \supseteq (\Delta, v : A \otimes B)$ and $C \supseteq \gamma$ be given.

$(\mathcal{D}'_f)^\circ :: \Gamma ; \Delta', u : A, z : B \Longrightarrow C$ (i.h.)

$\otimes L(u.\,z.\,(\mathcal{D}'_f)^\circ ; v : A \otimes B) :: \Gamma ; \Delta', v : A \otimes B \Longrightarrow C$ ($\otimes L$)

Once again in this case the strengthened form of case (2) is required in order to select a
suitable backward sequent. The remaining rules follow one of the above patterns. □

As we saw in theorem 3.3 earlier, the completeness theorem is proved existentially for
stronger sequents. We now additionally have to split cases on whether the sequent we
infer is weak or strong.

Lemma 3.10 (Repeated factoring).

If $\Gamma, \Gamma' ; [\Delta]_w \longrightarrow \gamma$, then $\Gamma \cup \Gamma' ; [\Delta]_w \longrightarrow \gamma$.

Proof. Repeated applications of "factor". □

Theorem 3.11 (Completeness of forward derivations).

Suppose $\Gamma ; \Delta \Longrightarrow C$. Then,

(a) either $\Gamma' ; [\Delta]_0 \longrightarrow C$,

(b) or $\Gamma' ; [\Delta']_1 \longrightarrow \gamma$

for some $\Gamma' \subseteq \Gamma$, $\Delta' \subseteq \Delta$ and $\gamma \subseteq C$.

Proof. Induction on the structure of the derivation of $\mathcal{D}_b :: \Gamma ; \Delta \Longrightarrow C$. The following are
some representative cases.

Case: initial sequents, i.e., $\mathcal{D}_b = \text{init}(u : p) :: \Gamma ; u : p \Longrightarrow p$.

In this case, $\text{init}(u : p) :: \cdot ; [u : p]_0 \longrightarrow p$.

Case: "copy", i.e., $\mathcal{D}_b = \text{copy}(\mathcal{D}'_b, u ; v : A) :: \Gamma, u : A ; \Delta \Longrightarrow C$, where
$\mathcal{D}'_b :: \Gamma, u : A ; \Delta, v : A \Longrightarrow C$. Here there are three possibilities for the induction hy­pothesis on $\mathcal{D}'_b$:

Subcase: $\Gamma' ; [\Delta, v : A]_0 \longrightarrow C$ for some $\Gamma' \subseteq (\Gamma, u : A)$.
Then, by "copy", $\Gamma', u' : A ; [\Delta]_0 \longrightarrow C$. If $u \in \text{dom}(\Gamma')$, then combine u and u'
by means of "factor"; otherwise, set u' to u.

Subcase: $\Gamma' ; [\Delta', v : A]_1 \longrightarrow \gamma$ for some $\Gamma' \subseteq (\Gamma, u : A)$, $(\Delta', v : A) \subseteq (\Delta, v : A)$, and $\gamma \subseteq C$. A similar
argument as in the previous subcase applies here, except we obtain $\Gamma', u : A ; [\Delta']_1 \longrightarrow \gamma$.

Subcase: $\Gamma' ; [\Delta']_1 \longrightarrow \gamma$ for some $\Gamma' \subseteq (\Gamma, u : A)$, $\Delta' \subseteq \Delta$, and $\gamma \subseteq C$, with $v \notin \text{dom}(\Delta')$. In this
case, the sequent itself satisfies case (b).
Case: a multiplicative rule such as:

$$\frac{\mathcal{D}_{b1} :: \Gamma ; \Delta_1 \Longrightarrow A \qquad \mathcal{D}_{b2} :: \Gamma ; \Delta_2 \Longrightarrow B}{\mathcal{D}_b = \otimes R(\mathcal{D}_{b1}, \mathcal{D}_{b2} ; A \otimes B) :: \Gamma ; \Delta_1, \Delta_2 \Longrightarrow A \otimes B}\ \otimes R$$

We obtain the following cases for the induction hypothesis on $\mathcal{D}_{b1}$ and $\mathcal{D}_{b2}$.

Subcase: $\Gamma_1 ; [\Delta_1]_0 \longrightarrow A$ and $\Gamma_2 ; [\Delta_2]_0 \longrightarrow B$ for some $\Gamma_1 \subseteq \Gamma$ and $\Gamma_2 \subseteq \Gamma$. By $\otimes R$ we have
$\Gamma_1, \Gamma_2 ; [\Delta_1, \Delta_2]_0 \longrightarrow A \otimes B$; then we appeal to lemma 3.10 and note that $\Gamma_1 \cup \Gamma_2 \subseteq \Gamma$.

Subcase: $\Gamma_1 ; [\Delta'_1]_1 \longrightarrow \gamma$ and $\Gamma_2 ; [\Delta_2]_0 \longrightarrow B$ for some $\Gamma_1 \subseteq \Gamma$, $\Gamma_2 \subseteq \Gamma$, $\Delta'_1 \subseteq \Delta_1$ and $\gamma \subseteq A$. If
$\gamma = \cdot$, then the first sequent already satisfies case (b), so we only need to consider
$\gamma = A$. In this case, from $\otimes R$, we get $\Gamma_1, \Gamma_2 ; [\Delta'_1, \Delta_2]_1 \longrightarrow A \otimes B$, after which we use
the same argument as in the previous subcase.

Subcase: $\Gamma_1 ; [\Delta'_1]_1 \longrightarrow \gamma_A$ and $\Gamma_2 ; [\Delta'_2]_1 \longrightarrow \gamma_B$ for some $\Gamma_1 \subseteq \Gamma$, $\Gamma_2 \subseteq \Gamma$, $\Delta'_1 \subseteq \Delta_1$, $\Delta'_2 \subseteq \Delta_2$,
$\gamma_A \subseteq A$ and $\gamma_B \subseteq B$. Like the previous subcase, we only need to consider the cases for
which $\gamma_A = A$ and $\gamma_B = B$; then, by $\otimes R$ we get $\Gamma_1, \Gamma_2 ; [\Delta'_1, \Delta'_2]_1 \longrightarrow A \otimes B$, and use
the same argument as before.

Case: an additive rule, such as:

$$\frac{\mathcal{D}_{b1} :: \Gamma ; \Delta \Longrightarrow A \qquad \mathcal{D}_{b2} :: \Gamma ; \Delta \Longrightarrow B}{\mathcal{D}_b = \&R(\mathcal{D}_{b1}, \mathcal{D}_{b2} ; A \& B) :: \Gamma ; \Delta \Longrightarrow A \& B}\ \&R$$

We obtain the following cases for the induction hypothesis on $\mathcal{D}_{b1}$ and $\mathcal{D}_{b2}$.

Subcase: $\Gamma_1 ; [\Delta]_0 \longrightarrow A$ and $\Gamma_2 ; [\Delta]_0 \longrightarrow B$ for some $\Gamma_1 \subseteq \Gamma$ and $\Gamma_2 \subseteq \Gamma$. By $\&R$, we obtain
$\Gamma_1, \Gamma_2 ; [\Delta]_0 \longrightarrow A \& B$, and we appeal to lemma 3.10 as before.

Subcase: $\Gamma_1 ; [\Delta']_1 \longrightarrow \gamma$ and $\Gamma_2 ; [\Delta]_0 \longrightarrow B$ for some $\Gamma_1 \subseteq \Gamma$, $\Gamma_2 \subseteq \Gamma$, $\Delta' \subseteq \Delta$ and $\gamma \subseteq A$. As
before, the only interesting case is with $\gamma = A$, in which case we obtain by $\&R$ and
definition 3.8 that $\Gamma_1, \Gamma_2 ; [\Delta]_0 \longrightarrow A \& B$, after which we use the same argument as
before.

Subcase: $\Gamma_1 ; [\Delta'_1]_1 \longrightarrow \gamma_A$ and $\Gamma_2 ; [\Delta'_2]_1 \longrightarrow \gamma_B$ for some $\Gamma_1 \subseteq \Gamma$, $\Gamma_2 \subseteq \Gamma$, $\Delta'_1 \subseteq \Delta$, $\Delta'_2 \subseteq \Delta$,
$\gamma_A \subseteq A$ and $\gamma_B \subseteq B$. Again the interesting case is when $\gamma_A = A$ and $\gamma_B = B$, where­upon by $\&R$ we get $\Gamma_1, \Gamma_2 ; [\Delta'_1 \cup \Delta'_2]_1 \longrightarrow A \& B$ and we note that $\Delta'_1 \cup \Delta'_2 \subseteq \Delta$.

The cases for the exponential rules are very straightforward. □


3.3  Optimization:  affine  resources 

In the absence of negative 1 in the logic, the forward calculus of the previous section
suffices to remove all resource non-determinism. With the addition of 1, particularly
negative occurrences, we have a problem of affine non-determinism, which arises from
the interaction of 1 with other connectives. For most connectives, 1 has only a unitary
function, where an equivalent proposition can be found which does not require (that
particular instance of) 1. By considering all instances of 1 appearing as an operand in a
connective, the full list of such equivalences is as follows:^2

$$A \otimes \mathbf{1} = A = \mathbf{1} \otimes A \qquad \mathbf{1} \multimap A = A \qquad \mathbf{1} \& \mathbf{1} = \mathbf{1} \qquad \mathbf{1} \oplus \mathbf{1} = \mathbf{1} \qquad !\mathbf{1} = \mathbf{1}$$

For the rest of this paper we assume a logic in 1-normal form (1nf), which we define as
that fragment without unitary uses of 1. This simpler fragment allows an examination
of the occurrences of 1 actually relevant to resource management. Unless specified, we
assume for the rest of this section that all propositions are in 1nf.

Definition 3.12 (1 normal form). Given a proposition A, its 1 normal form, $(A)_1$, is defined as
follows.

$$(A \otimes B)_1 = \begin{cases} (A)_1 & \text{if } (B)_1 = \mathbf{1} \\ (B)_1 & \text{if } (A)_1 = \mathbf{1} \\ (A)_1 \otimes (B)_1 & \text{otherwise} \end{cases} \qquad\qquad (\mathbf{1})_1 = \mathbf{1}$$

$$(A \multimap B)_1 = \begin{cases} (B)_1 & \text{if } (A)_1 = \mathbf{1} \\ (A)_1 \multimap (B)_1 & \text{otherwise} \end{cases}$$

$$(A \& B)_1 = \begin{cases} \mathbf{1} & \text{if } (A)_1 = (B)_1 = \mathbf{1} \\ (A)_1 \& (B)_1 & \text{otherwise} \end{cases} \qquad\qquad (\top)_1 = \top$$

$$(A \oplus B)_1 = \begin{cases} \mathbf{1} & \text{if } (A)_1 = (B)_1 = \mathbf{1} \\ (A)_1 \oplus (B)_1 & \text{otherwise} \end{cases} \qquad\qquad (\mathbf{0})_1 = \mathbf{0}$$

$$(!A)_1 = \begin{cases} \mathbf{1} & \text{if } (A)_1 = \mathbf{1} \\ !(A)_1 & \text{otherwise} \end{cases}$$
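Definition 3.12 carried out on a small syntax tree, as an added example that is not code from the thesis or its prover; the `Bin`/`Bang` classes, the encoding of atoms and of the units 1, ⊤ and 0 as strings, and the atom case (an atom is its own 1-normal form) are the example's own assumptions.

```python
from dataclasses import dataclass
from typing import Union

# Added example (not the thesis's own code): propositions as a tiny syntax tree
# and the 1-normal form (·)_1 of definition 3.12, which removes the unitary uses
# of 1 listed in the equivalences above. Atoms and the units are plain strings.

@dataclass(frozen=True)
class Bin:
    op: str          # one of "⊗", "⊸", "&", "⊕"
    left: "Prop"
    right: "Prop"

@dataclass(frozen=True)
class Bang:          # !A
    body: "Prop"

Prop = Union[str, Bin, Bang]
ONE, TOP, ZERO = "1", "⊤", "0"

def one_nf(a: Prop) -> Prop:
    """(A)_1: normalise bottom-up so that every case sees already-normalised operands."""
    if isinstance(a, str):
        return a                                  # atoms and units: (p)_1 = p, (1)_1 = 1, ...
    if isinstance(a, Bang):
        b = one_nf(a.body)
        return ONE if b == ONE else Bang(b)       # (!A)_1 = 1 if (A)_1 = 1, else !(A)_1
    l, r = one_nf(a.left), one_nf(a.right)
    if a.op == "⊗":
        if r == ONE:
            return l                              # A ⊗ 1 = A
        if l == ONE:
            return r                              # 1 ⊗ A = A
    elif a.op == "⊸":
        if l == ONE:
            return r                              # 1 ⊸ A = A
    elif a.op in ("&", "⊕"):
        if l == ONE and r == ONE:
            return ONE                            # 1 & 1 = 1 and 1 ⊕ 1 = 1
    return Bin(a.op, l, r)                        # no unitary use of 1 at this node

def has_unitary_one(a: Prop) -> bool:
    """True if some connective in a still has an operand equal to 1 that definition
    3.12 would remove; note that A & 1 with (A)_1 ≠ 1 is kept, as the text explains."""
    if isinstance(a, str):
        return False
    if isinstance(a, Bang):
        return a.body == ONE or has_unitary_one(a.body)
    offending = (
        (a.op == "⊗" and (a.left == ONE or a.right == ONE))
        or (a.op == "⊸" and a.left == ONE)
        or (a.op in ("&", "⊕") and a.left == ONE and a.right == ONE)
    )
    return offending or has_unitary_one(a.left) or has_unitary_one(a.right)

def show(a: Prop) -> str:
    if isinstance(a, str):
        return a
    if isinstance(a, Bang):
        return "!" + show(a.body)
    return f"({show(a.left)} {a.op} {show(a.right)})"

if __name__ == "__main__":
    # constructed input: (1 ⊗ 1) ⊸ (A & 1), whose 1nf is the affine form A & 1
    p = Bin("⊸", Bin("⊗", ONE, ONE), Bin("&", "A", ONE))
    print(show(one_nf(p)))
```

The affine form A & 1 survives normalisation by design, which is exactly why the remainder of this section has to treat it separately; `has_unitary_one` lets a caller confirm that an input is already in 1nf before handing it to the forward calculus.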

An interesting class of propositions has the form $A \& \mathbf{1}$ or $\mathbf{1} \& A$; as a resource, $A \& \mathbf{1}$
provides a choice of either using A linearly in the proof, or not using A at all, i.e., it encodes
an at-most one use or affine interpretation. Indeed, such propositions allow us to recover
affine logic in the exact setting of linear logic, by translating affine implications $A \rightarrow B$ into
$A \& \mathbf{1} \multimap B$. There is another, more popular embedding of affine logic into linear logic that
translates $A \rightarrow B$ into $A \multimap B \otimes \top$. The difference between the two encodings manifests
as a choice between a local and a global translation: translating into $A \& \mathbf{1} \multimap B$ doesn't
destroy the linear nature of resources, but $A \multimap B \otimes \top$ makes every resource affine because
of the presence of positive $\otimes \top$. Yet, and despite the fact that positive $\top$ complicates
backwards search, encodings in logic programming languages like Lolli use the second
encoding because & is disallowed in the body of clauses. Rather than repeat this approach
and disallow 1 in the syntax where it is problematic, for the rest of this section we examine
the nature of resource non-determinism caused by such instances of 1.

^2 In the presence of quantifiers, we have some additional equivalences: $\forall x.\mathbf{1} = \mathbf{1}$ and $\exists x.\mathbf{1} = \mathbf{1}$.


Characterising non-unitary uses of 1  First, consider the effect of removing 1L entirely
from the logic. In the 1nf fragment, only the following instances of 1 remain: $A \multimap \mathbf{1}$,
$A \& \mathbf{1}$, $\mathbf{1} \& A$, $A \oplus \mathbf{1}$, $\mathbf{1} \oplus A$ and the formula 1 itself. On the right, the corresponding rules
are fully deterministic. On the left, all of these forms - except 1 itself - have the following
specialized rules:

$$\frac{\Gamma ; \Delta \Longrightarrow A \qquad \Gamma ; \Delta' \Longrightarrow C}{\Gamma ; \Delta, \Delta', A \multimap \mathbf{1} \Longrightarrow C}\ \multimap\mathbf{1}L$$

$$\frac{\Gamma ; \Delta \Longrightarrow C}{\Gamma ; \Delta, A \& \mathbf{1} \Longrightarrow C}\ \&\mathbf{1}L_1 \qquad \frac{\Gamma ; \Delta, A \Longrightarrow C}{\Gamma ; \Delta, A \& \mathbf{1} \Longrightarrow C}\ \&\mathbf{1}L_2$$

$$\frac{\Gamma ; \Delta \Longrightarrow C}{\Gamma ; \Delta, \mathbf{1} \& A \Longrightarrow C}\ \mathbf{1}\&L_1 \qquad \frac{\Gamma ; \Delta, A \Longrightarrow C}{\Gamma ; \Delta, \mathbf{1} \& A \Longrightarrow C}\ \mathbf{1}\&L_2$$

$$\frac{\Gamma ; \Delta, A \Longrightarrow C \qquad \Gamma ; \Delta \Longrightarrow C}{\Gamma ; \Delta, A \oplus \mathbf{1} \Longrightarrow C}\ \oplus\mathbf{1}L \qquad \frac{\Gamma ; \Delta \Longrightarrow C \qquad \Gamma ; \Delta, A \Longrightarrow C}{\Gamma ; \Delta, \mathbf{1} \oplus A \Longrightarrow C}\ \mathbf{1}\oplus L$$

As described before, and clearly visible above in the pair of rules $\&\mathbf{1}L_1$ and $\mathbf{1}\&L_1$,
formulas of the form $A \& \mathbf{1}$ define an affine interpretation for the resource A. We examine
this case in detail in the next section. For $\mathbf{1}\oplus L$ and $\oplus\mathbf{1}L$, the premisses appear to give the
formula A a meaning of optional use - we can prove the conclusion C both in the presence
and absence of A. In fact, one might view this kind of optional use (one and zero times) as
the external version of the affine case (at-most one use); thus, one might imagine a
substructural logic where external options are internalised using locally sound and
complete introduction/elimination rules. Fortunately, the treatment of
the affine case in the next section provides a satisfactory answer for the optional case also.

For the $\multimap\mathbf{1}L$ rule, we do not have a satisfactory treatment. In fact, we can certainly
construct examples where this rule can be iterated indefinitely, giving larger and larger
sequents.

$$\begin{array}{c}
\Gamma ; \Delta \Longrightarrow A \qquad \Gamma ; \Delta', \mathbf{1} \Longrightarrow C \\ \hline
\Gamma ; \Delta \Longrightarrow A \qquad \Gamma ; \Delta, \Delta', A \multimap \mathbf{1} \Longrightarrow C \\ \hline
\Gamma ; \Delta \Longrightarrow A \qquad \Gamma ; \Delta, \Delta, \Delta', A \multimap \mathbf{1}, A \multimap \mathbf{1} \Longrightarrow C
\end{array}$$

We leave a treatment of this and other sources of unknown use non-determinism to future
work, but note that no complete solution can exist because of the undecidability
of multiplicative-additive-exponential linear logic. On the other hand, categorizing and
solving other kinds of unknown use non-determinism can give decision procedures for
larger fragments. These investigations will depend on the need for the increased expres­sivity; for example, by showing how a negative $A \multimap \mathbf{1}$ gives a more natural encoding than
other possibilities.

In the next section we give first a backward and then a forward calculus to handle the
affine case. One particular note: we remove all hypotheses 1 in the ultimate goal sequent.
Thus, we never need to use the 1L rule at all, so we just discard it. We can easily add these
extra 1s to the goal sequent if needed after search completes.


3.3.1  Affine  zones  for  the  backward  calculus 


To handle the affine resources, we insert a new affine context $\Psi$ among the hypotheses of
sequents, giving the following shape for sequents: $\Gamma ; \Psi ; \Delta \Longrightarrow C$. We view this affine
zone as a multiset of formulas, just like the linear zone, but with an additional structurally
admissible rule of weakening (theorem 3.13). The resulting logic can be seen as a fragment
of Hodas' Omnibus logic [54], which has a strict zone in addition to the affine context.

For the judgemental rules, we have a rule of promotion to turn an affine hypothesis into
a linear hypothesis. This corresponds to committing to an actual use of the affine resource.

$$\frac{\Gamma ; \Psi ; \Delta, A \Longrightarrow C}{\Gamma ; \Psi, A ; \Delta \Longrightarrow C}\ \text{promote}$$
On the other hand, affine resources can remain unused because we allow any number of
them to escape through initial and other axiomatic sequents:

$$\frac{}{\Gamma ; \Psi ; A \Longrightarrow A}\ \text{init} \qquad \frac{}{\Gamma ; \Psi ; \cdot \Longrightarrow \mathbf{1}}\ \mathbf{1}R \qquad \frac{}{\Gamma ; \Psi ; \Delta \Longrightarrow \top}\ \top R \qquad \frac{}{\Gamma ; \Psi ; \Delta, \mathbf{0} \Longrightarrow C}\ \mathbf{0}L$$

We distinguish propositions of the form $A \& \mathbf{1}$ and $\mathbf{1} \& A$ by treating $\&\mathbf{1}$, $\mathbf{1}\&$, $\mathbf{1}\oplus$, etc. as
operators. However, unlike the internalisation of judgemental rules as connectives, these
operators are not true connectives as they only occur on the left of sequents, and use the
usual right rules for & and 1 to infer $A \& \mathbf{1}$ on the right. Note that this is a departure from
the judgemental presentation laid out in chapter 2.1; however, it can be formalised fully
in this style if we make use of another auxiliary judgement to represent 1 on the right. We
do not take this step because the calculus with affine zones is not being put forward as an
extension of the linear sequent calculus with its own independent interest, but rather to
justify an improvement in the treatment of affine resources in the forward calculus.

Now for the rules of this calculus. All the sequents are assumed to have propositions
in 1nf. No rules require 1 as a resource, but we have (derived) rules for the situations
where 1 occurs as an operand of the principal connective. To enforce an absence of 1
among the hypotheses, we add some side-conditions to &L.


Judgemental Rules

$$\frac{}{\Gamma ; \Psi ; p \Longrightarrow p}\ \text{init} \qquad \frac{\Gamma, A ; \Psi ; \Delta, A \Longrightarrow C}{\Gamma, A ; \Psi ; \Delta \Longrightarrow C}\ \text{copy} \qquad \frac{\Gamma ; \Psi ; \Delta, A \Longrightarrow C}{\Gamma ; \Psi, A ; \Delta \Longrightarrow C}\ \text{promote}$$

Multiplicative rules

$$\frac{\Gamma ; \Psi ; \Delta \Longrightarrow A \qquad \Gamma ; \Psi' ; \Delta' \Longrightarrow B}{\Gamma ; \Psi, \Psi' ; \Delta, \Delta' \Longrightarrow A \otimes B}\ \otimes R \qquad \frac{\Gamma ; \Psi ; \Delta, A, B \Longrightarrow C}{\Gamma ; \Psi ; \Delta, A \otimes B \Longrightarrow C}\ \otimes L$$

$$\frac{}{\Gamma ; \Psi ; \cdot \Longrightarrow \mathbf{1}}\ \mathbf{1}R \qquad \text{(no } \mathbf{1}L\text{)}$$

$$\frac{\Gamma ; \Psi ; \Delta, A \Longrightarrow B}{\Gamma ; \Psi ; \Delta \Longrightarrow A \multimap B}\ \multimap R$$

$$\frac{\Gamma ; \Psi ; \Delta \Longrightarrow A \qquad \Gamma ; \Psi' ; \Delta', B \Longrightarrow C \qquad B \neq \mathbf{1}}{\Gamma ; \Psi, \Psi' ; \Delta, \Delta', A \multimap B \Longrightarrow C}\ \multimap L \qquad \frac{\Gamma ; \Psi ; \Delta \Longrightarrow A \qquad \Gamma ; \Psi' ; \Delta' \Longrightarrow C}{\Gamma ; \Psi, \Psi' ; \Delta, \Delta', A \multimap \mathbf{1} \Longrightarrow C}\ \mathbf{1}\multimap L$$

Additive rules

$$\frac{\Gamma ; \Psi ; \Delta \Longrightarrow A \qquad \Gamma ; \Psi ; \Delta \Longrightarrow B}{\Gamma ; \Psi ; \Delta \Longrightarrow A \& B}\ \&R \qquad \frac{}{\Gamma ; \Psi ; \Delta \Longrightarrow \top}\ \top R$$

$$\frac{\Gamma ; \Psi ; \Delta, A \Longrightarrow C \qquad B \neq \mathbf{1}}{\Gamma ; \Psi ; \Delta, A \& B \Longrightarrow C}\ \&L_1 \qquad \frac{\Gamma ; \Psi ; \Delta, B \Longrightarrow C \qquad A \neq \mathbf{1}}{\Gamma ; \Psi ; \Delta, A \& B \Longrightarrow C}\ \&L_2$$

$$\frac{\Gamma ; \Psi, A ; \Delta \Longrightarrow C}{\Gamma ; \Psi ; \Delta, A \& \mathbf{1} \Longrightarrow C}\ \&\mathbf{1}L \qquad \frac{\Gamma ; \Psi, B ; \Delta \Longrightarrow C}{\Gamma ; \Psi ; \Delta, \mathbf{1} \& B \Longrightarrow C}\ \mathbf{1}\&L$$

$$\frac{\Gamma ; \Psi ; \Delta \Longrightarrow A}{\Gamma ; \Psi ; \Delta \Longrightarrow A \oplus B}\ \oplus R_1 \qquad \frac{\Gamma ; \Psi ; \Delta \Longrightarrow B}{\Gamma ; \Psi ; \Delta \Longrightarrow A \oplus B}\ \oplus R_2$$

$$\frac{\Gamma ; \Psi ; \Delta, A \Longrightarrow C \qquad \Gamma ; \Psi ; \Delta, B \Longrightarrow C \qquad A \neq \mathbf{1} \qquad B \neq \mathbf{1}}{\Gamma ; \Psi ; \Delta, A \oplus B \Longrightarrow C}\ \oplus L \qquad \frac{}{\Gamma ; \Psi ; \Delta, \mathbf{0} \Longrightarrow C}\ \mathbf{0}L$$

$$\frac{\Gamma ; \Psi ; \Delta, A \Longrightarrow C \qquad \Gamma ; \Psi ; \Delta \Longrightarrow C \qquad A \neq \mathbf{1}}{\Gamma ; \Psi ; \Delta, A \oplus \mathbf{1} \Longrightarrow C}\ \oplus\mathbf{1}L \qquad \frac{\Gamma ; \Psi ; \Delta \Longrightarrow C \qquad \Gamma ; \Psi ; \Delta, B \Longrightarrow C \qquad B \neq \mathbf{1}}{\Gamma ; \Psi ; \Delta, \mathbf{1} \oplus B \Longrightarrow C}\ \mathbf{1}\oplus L$$

Exponential rules

$$\frac{\Gamma, A ; \Psi ; \Delta \Longrightarrow C}{\Gamma ; \Psi ; \Delta, !A \Longrightarrow C}\ !L \qquad \frac{\Gamma ; \cdot ; \cdot \Longrightarrow A}{\Gamma ; \cdot ; \cdot \Longrightarrow\ !A}\ !R$$


This presentation of a resource-management motivated three-zoned logic bears a strong
resemblance to a similar system of Cervesato et al. [23] for the domain of (backward-reasoning) linear logic programming in the uniform fragment. The primary difference
lies in the interpretation of the new zone - strict in [23] versus affine in this work. The
design of their three-zoned system derives its primary motivation from the nature of &
and $\top$, with the strict contexts designed to handle the additive nature of &. In a similar
sense in which strict contexts arise for a systematic approach to resource management in
backward search, we claim that affine contexts arise naturally in the setting of forward
search.

Structural properties.  We obtain an easily shown admissible structural weakening the­orem for the affine context, in addition to the straightforward extension of the structural
properties for the unrestricted context in theorem 2.17 to the three-zoned setting. Contrac­tion, of course, is not admissible for the affine context, though it continues to be admissible
for the unrestricted context.


Theorem 3.13 (Structural properties).

1. If $\mathcal{D} :: \Gamma ; \Psi ; \Delta \Longrightarrow C$, then $\mathcal{D} :: \Gamma, \Gamma' ; \Psi, \Psi' ; \Delta \Longrightarrow C$ for any $\Gamma'$ and $\Psi'$. (Weakening)

2. If $\mathcal{D} :: \Gamma, u : A, v : A ; \Psi ; \Delta \Longrightarrow C$, then $[v/u]\mathcal{D} :: \Gamma, v : A ; \Psi ; \Delta \Longrightarrow C$. (Contraction)

Proof. Induction on the structure of $\mathcal{D}$. □

We also add two new cases to the cut rule to cut the affine resources:

$$\frac{\Gamma ; \Psi ; \cdot \Longrightarrow A \qquad \Gamma ; \Psi', A ; \Delta' \Longrightarrow C}{\Gamma ; \Psi, \Psi' ; \Delta' \Longrightarrow C}\ \text{affine cut} \qquad \frac{\Gamma ; \Psi ; \Delta \Longrightarrow \mathbf{1} \qquad \Gamma ; \Psi' ; \Delta' \Longrightarrow C}{\Gamma ; \Psi, \Psi' ; \Delta, \Delta' \Longrightarrow C}\ \mathbf{1}\text{ cut}$$


The first case is a straightforward statement that a goal may be used once. The second case,
however, is unusual for cuts in the judgemental philosophy because the cut proposition,
1, is not required to occur in the second premiss at all. This case corresponds to having 1
as a hypothesis in the dyadic system of chapter 2.1 without affine resources. Alternatively,
one might view a sequent $\Gamma ; \Psi ; \Delta \Longrightarrow \mathbf{1}$ as an internalisation of a new judgemental form
$\Gamma ; \Psi ; \Delta \Longrightarrow \#$, with $\#$ defined as a condition where all linear resources are consumed. This
form of cut is familiar from Girard's MIX rule for classical two-sided sequent calculi:

$$\frac{\Gamma \Longrightarrow \Delta \qquad \Gamma' \Longrightarrow \Delta'}{\Gamma, \Gamma' \Longrightarrow \Delta, \Delta'}\ \text{MIX}$$

This suggestive similarity can be formalized in great detail by translating from classical to
intuitionistic linear logic. A more complete exposition is given in Chang et al. [27], where
the logic with MIX rules is shown to be equivalent to a logic of resource consumption,
which in turn gives a judgemental explanation for MIX.

Theorem 3.14 (Admissibility of cut).

(1) If $\Gamma ; \Psi ; \Delta \Rightarrow \mathbf{1}$ and $\Gamma ; \Psi' ; \Delta' \Rightarrow C$, then $\Gamma ; \Psi, \Psi' ; \Delta, \Delta' \Rightarrow C$.

(2) If $\Gamma ; \Psi ; \Delta \Rightarrow A$ and $\Gamma ; \Psi' ; \Delta', A \Rightarrow C$, then $\Gamma ; \Psi, \Psi' ; \Delta, \Delta' \Rightarrow C$.

(3) If $\Gamma ; \Psi ; \cdot \Rightarrow A$ and $\Gamma ; \Psi', A ; \Delta \Rightarrow C$, then $\Gamma ; \Psi, \Psi' ; \Delta \Rightarrow C$.

(4) If $\Gamma ; \cdot ; \cdot \Rightarrow A$ and $\Gamma, A ; \Psi ; \Delta \Rightarrow C$, then $\Gamma ; \Psi ; \Delta \Rightarrow C$.

Proof sketch. The proof is a straightforward extension of that of theorem 2.21. We shall omit the details of the constructive formalisation of the cut elimination procedure, and instead sketch just the major differences from theorem 2.21. As usual, we name the three derivations $\mathcal{D}$, $\mathcal{E}$ and $\mathcal{F}$. The lexicographic ordering is extended slightly by allowing proofs of kind (3) to be used in those of kinds (2) and (1); and those of kind (4) to be used for kinds (3), (2) and (1). □
Correctness. While cut gives us global soundness of the sequent calculus with affine resources, we still need to prove that it is sound and complete with respect to the dyadic system. In order to show soundness, we employ a useful shorthand, $\Psi \& \mathbf{1}$, to stand for a context consisting of every proposition $A$ in $\Psi$ replaced with $A \& \mathbf{1}$ or $\mathbf{1} \& A$. We obtain a succinct soundness theorem.

Lemma 3.15. If $\Gamma ; \Psi \& \mathbf{1}, \Delta \Rightarrow C$, then $\Gamma ; (\Psi, \Psi') \& \mathbf{1}, \Delta \Rightarrow C$.

Proof. Chain a sequence of $\mathbf{1}L$ and $\&L$ rules. □

Theorem 3.16 (Soundness). If $\Gamma ; \Psi ; \Delta \Rightarrow C$, then $\Gamma ; \Psi \& \mathbf{1}, \Delta \Rightarrow C$.

Proof. By induction on the structure of the derivation $\mathcal{D} :: \Gamma ; \Psi ; \Delta \Rightarrow C$. All cases except "init" and $\mathbf{1}R$ have trivial verifications. For these two rules, we appeal to lemma 3.15. □

We also obtain a strong completeness theorem, schematic for affine contexts.

Theorem 3.17 (Completeness). If $\Gamma ; \Delta \Rightarrow C$, then $\Gamma ; \Psi ; \Delta \Rightarrow C$ for any $\Psi$.

Proof. By straightforward structural induction on the derivation of $\Gamma ; \Delta \Rightarrow C$. □

This section has served primarily a motivational purpose; we now turn our attention to our original goal of controlling affine non-determinism in forward reasoning.


3.3.2 Affine contexts in the forward calculus

Like before with the unrestricted contexts, in the forward direction we create only that subset of the affine context that we can infer from other premisses and the conclusion, with the sole difference that in order to maintain the affine interpretation, we treat the affine context multiplicatively. Rules for formulas with $\mathbf{1}$ as an operand require particular attention; for example, consider the following tempting possibilities for $A \& \mathbf{1}$:

\[
\frac{\Gamma ; \Psi, A ; [\Delta]_w \longrightarrow \gamma}{\Gamma ; \Psi ; [\Delta, A \& \mathbf{1}]_w \longrightarrow \gamma}\ \&\mathbf{1}L
\qquad
\frac{\Gamma ; \Psi ; [\Delta]_w \longrightarrow \gamma}{\Gamma ; \Psi ; [\Delta, A \& \mathbf{1}]_w \longrightarrow \gamma}\ \&\mathbf{1}L'
\]

The $\&\mathbf{1}L'$ rule lacks any structural control on the number of occurrences of $A \& \mathbf{1}$. We have already seen this problem before in the presence of the $\mathbf{1}L$ rule, the removal of which makes the iterative nature of this rule obvious. We attack this problem by treating this second instance as a kind of weakening; thus, we use the second of the above rules only after we have more information about the multiplicity of $A \& \mathbf{1}$.

When  do  we  learn  anything  about  the  multiplicity  of  a  formula?  Certainly,  we  can 
never  infer  the  exact  multiplicity  of  any  given  formula  by  just  looking  at  the  final  goal 
sequent  -  this  would  make  the  fragment  decidable,  and  we  already  know  that  linear  logic 
in  the  presence  of  additive  connectives  is  undecidable.  However,  we  do  know  that  the 
multiplicity  of  linear  A  &  1  exceeds  the  multiplicity  of  A  in  the  affine  context;  this  suffices 
to  control  the  iteration  of  &1L'  as  follows  -  remove  this  rule  entirely  from  consideration 
during  search,  and  assume  for  every  other  rule  with  a  weak  premiss  that  the  formula 
A  &  1  exists  implicitly  in  the  linear  context. 

Of course, in the proof theory it becomes tedious to modify every logical rule with the tests and side conditions corresponding to these implicitly present affine resources, so we introduce a layer of abstraction between the inference rule and the matching conditions that enable the rule. Conceptually, matching conditions in the forward direction generalize the notion of occurrence in a context, written exactly like adjunctions $(\Gamma, A)$ for historical reasons. This notation makes perfect sense in backward reasoning, because the contexts, ambiently or explicitly, serve as parameters for the search procedure. In contrast, because information flows in the opposite direction in forward reasoning, inference rules construct the contexts of the conclusion from those of the premisses, treating contexts as localized (first-class) objects.³ As a matching condition, adjunction describes only the rather simple condition of occurrence.

In order to obtain a more complex and process-oriented view of matching, we define a new judgement on zoned contexts $\Gamma ; \Psi ; \Delta$ (written $\Upsilon$):

\[
\Upsilon \models \Upsilon' + \Delta'
\]

which we read "$\Upsilon$ admits the decomposition $\Upsilon', \Delta'$." We abuse notation slightly to write $[\Upsilon]_w$ to stand for $\Gamma ; \Psi ; [\Delta]_w$ if $\Upsilon = \Gamma ; \Psi ; \Delta$. The modes for this judgement are somewhat subtle: it takes $\Upsilon$ and $\Delta'$ as input, and produces the output $\Upsilon'$ if it succeeds. The rules for this judgement proceed purely in the bottom-up direction, with the output $\Upsilon'$ read off from the completed derivation. The simplest rule for this judgement merely admits the trivial adjunction.

\[
\Upsilon \models \Upsilon + \cdot
\]

³We find this phenomenon in an even stronger form when we add quantifiers and relax all equalities to unifiability - existential variables in backward search are treated globally, affecting otherwise disjoint branches in the derivation tree, and requiring undo operations for backtracking. Forward reasoning localizes these variables, giving a much simpler view of unification.


The remaining rules fall into three categories for the three different zones. For the linear zone:

\[
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma ; \Psi ; \Delta, A \models \Upsilon + \Delta', A}\ \models\text{linear}
\]

For the affine zone:

\[
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma ; \Psi, A ; \Delta \models \Upsilon + \Delta', A \& \mathbf{1}}\ \models\&\mathbf{1}
\qquad
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta', A \& \mathbf{1}}\ \models\&\mathbf{1}'
\]

\[
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma ; \Psi, A ; \Delta \models \Upsilon + \Delta', \mathbf{1} \& A}\ \models\mathbf{1}\&
\qquad
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta', \mathbf{1} \& A}\ \models\mathbf{1}\&'
\]

For the unrestricted zone:

\[
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma, A ; \Psi ; \Delta \models \Upsilon + \Delta', {!}A}\ \models{!}
\qquad
\frac{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta'}{\Gamma ; \Psi ; \Delta \models \Upsilon + \Delta', {!}A}\ \models{!}'
\]

We write $\Upsilon \not\models \Delta$ if for no $\Upsilon'$ can we show $\Upsilon \models \Upsilon' + \Delta$. Armed with this matching judgement, we reconstruct the forward calculus of section 3.2 using affine contexts and other insights of section 3.3.1. In every rule of the logic requiring a particular form for the contexts in the premisses, we use our matching judgement in place of special contexts for the premisses. Additionally, the matching judgement obviates the left rules $\mathbf{1}\&L$, $\&\mathbf{1}L$ and ${!}L$, so we simply omit them.
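As an added illustration (not part of the thesis, and not the prover's own code), the following Python encodes the matching rules just given as a bottom-up enumeration: given the three zones of $\Upsilon$ and the required $\Delta'$, it lists every $\Upsilon'$ with $\Upsilon \models \Upsilon' + \Delta'$. The encoding of propositions as strings and tuples and the names `decompositions` and `admits` are assumptions of the example. It shows that a linear resource is consumed multiplicatively (it cannot be required twice), that an affine $A$ can be read as $A \& \mathbf{1}$ or $\mathbf{1} \& A$, and that the primed rules let $A \& \mathbf{1}$ and ${!}A$ be supplied even when no zone holds $A$, which is exactly the implicit presence the text asks for.

```python
from collections import Counter

# Hypothetical encoding of propositions (not the thesis's own syntax):
#   an atom is a string such as 'p';  A & B is ('&', A, B);  !A is ('!', A).
ONE = '1'


def affine_operand(x):
    """If x has the form A & 1 or 1 & A, return A, else None."""
    if isinstance(x, tuple) and len(x) == 3 and x[0] == '&':
        if x[2] == ONE:
            return x[1]
        if x[1] == ONE:
            return x[2]
    return None


def bang_operand(x):
    """If x has the form !A, return A, else None."""
    if isinstance(x, tuple) and len(x) == 2 and x[0] == '!':
        return x[1]
    return None


def freeze(ctx):
    """Canonical, hashable form of a multiset context."""
    return tuple(sorted(ctx.elements(), key=repr))


def decompositions(gamma, psi, delta, required):
    """All zoned contexts Y' with (gamma ; psi ; delta) |= Y' + required.

    gamma is the unrestricted zone, psi the affine zone and delta the linear
    zone (each a multiset); required is the list Delta' that must be carved
    out.  The rules are read bottom-up: each formula of `required` is
    accounted for by exactly one rule, and the zones left over form Y'.
    """
    results = set()

    def go(g, p, d, todo):
        if not todo:                       # the trivial rule  Y |= Y + .
            results.add((freeze(g), freeze(p), freeze(d)))
            return
        x, rest = todo[0], todo[1:]
        if d[x] > 0:                       # |=linear: consume one linear copy of x
            go(g, p, d - Counter([x]), rest)
        a = affine_operand(x)
        if a is not None:
            if p[a] > 0:                   # |=&1 / |=1&: an affine A stands for A & 1
                go(g, p - Counter([a]), d, rest)
            go(g, p, d, rest)              # |=&1' / |=1&': A & 1 may also come from nothing
        a = bang_operand(x)
        if a is not None:
            if g[a] > 0:                   # |=!: an unrestricted A stands for !A
                go(g - Counter([a]), p, d, rest)
            go(g, p, d, rest)              # |=!': !A may also come from nothing

    go(Counter(gamma), Counter(psi), Counter(delta), list(required))
    return results


def admits(gamma, psi, delta, required):
    """True iff (gamma ; psi ; delta) |= Y' + required for some Y'."""
    return bool(decompositions(gamma, psi, delta, required))


if __name__ == '__main__':
    # constructed sample: unrestricted p, affine q, linear r
    G, P, D = ['p'], ['q'], ['r']
    for y in sorted(decompositions(G, P, D, ['r', ('&', 'q', ONE), ('!', 'p')]), key=repr):
        print(y)                        # four decompositions
    print(admits(G, P, D, ['r', 'r']))  # False: linear r cannot be used twice
    print(admits(G, P, D, ['s']))       # False: no zone can supply s
```

Because the primed rules never fail, the judgement is non-deterministic in $\Upsilon'$; a search procedure that wants the matching condition as a test rather than an enumeration would use `admits`, and one that wants the strongest leftover context would pick the decomposition that consumed the most from the affine and unrestricted zones.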


Judgemental rules

\[
\frac{}{\cdot ; \cdot ; [A]_0 \longrightarrow A}\ \text{init}
\qquad
\frac{\Gamma, A, A ; \Psi ; [\Delta]_w \longrightarrow \gamma}{\Gamma, A ; \Psi ; [\Delta]_w \longrightarrow \gamma}\ \text{factor}
\]

\[
\frac{[\Upsilon]_w \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A}{\Gamma, A ; \Psi ; [\Delta]_w \longrightarrow \gamma}\ \text{copy}
\qquad
\frac{[\Upsilon]_w \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A}{\Gamma ; \Psi, A ; [\Delta]_w \longrightarrow \gamma}\ \text{promote}
\]

Note that in the "copy" and "promote" rules the principal formula $A$ is considered as input. The "copy" rule, for instance, should be understood to mean that $A$ may be copied into $\Gamma$ if the required decomposition can be shown.
Multiplicative connectives

\[
\frac{[\Upsilon]_w \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A, B}{\Gamma ; \Psi ; [\Delta, A \otimes B]_w \longrightarrow \gamma}\ \otimes L
\]

\[
\frac{[\Upsilon]_1 \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A}{\Gamma ; \Psi ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}\ \otimes L_1
\qquad
\frac{[\Upsilon]_1 \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + B}{\Gamma ; \Psi ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}\ \otimes L_2
\]

\[
\frac{\Gamma ; \Psi ; [\Delta]_{w_1} \longrightarrow A \qquad \Gamma' ; \Psi' ; [\Delta']_{w_2} \longrightarrow B}{\Gamma, \Gamma' ; \Psi, \Psi' ; [\Delta, \Delta']_{w_1 \vee w_2} \longrightarrow A \otimes B}\ \otimes R
\qquad
\frac{}{\cdot ; \cdot ; [\cdot]_0 \longrightarrow \mathbf{1}}\ \mathbf{1}R
\]

The premisses of $\multimap L$ are $\Gamma ; \Psi ; [\Delta]_{w_1} \longrightarrow A$, $[\Upsilon]_{w_2} \longrightarrow \gamma$ and $\Upsilon \models (\Gamma' ; \Psi' ; \Delta') + B$; its conclusion is illegible in the source.

\[
\frac{[\Upsilon]_w \longrightarrow \gamma \qquad \Upsilon \models \Upsilon' + A \qquad C \sqsupseteq \gamma}{[\Upsilon']_w \longrightarrow A \multimap C}\ \multimap R
\qquad
\frac{[\Upsilon]_1 \longrightarrow C}{[\Upsilon]_1 \longrightarrow A \multimap C}\ \multimap R'
\]

Additive connectives

\[
\frac{\Gamma ; \Psi ; [\Delta]_{w_1} \longrightarrow A \qquad \Gamma' ; \Psi' ; [\Delta']_{w_2} \longrightarrow B}{\Gamma, \Gamma' ; \Psi \cup \Psi' ; [\Delta]_{w_1} + [\Delta']_{w_2} \longrightarrow A \& B}\ \&R
\qquad
\frac{}{\cdot ; \cdot ; [\cdot]_1 \longrightarrow \top}\ \top R
\]

\[
\frac{[\Upsilon]_w \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A \qquad B \neq \mathbf{1}}{\Gamma ; \Psi ; [\Delta, A \& B]_w \longrightarrow \gamma}\ \&L_1
\qquad
\frac{[\Upsilon]_w \longrightarrow \gamma \qquad \Upsilon \models (\Gamma ; \Psi ; \Delta) + B \qquad A \neq \mathbf{1}}{\Gamma ; \Psi ; [\Delta, A \& B]_w \longrightarrow \gamma}\ \&L_2
\]

\[
\frac{[\Upsilon]_w \longrightarrow A}{[\Upsilon]_w \longrightarrow A \oplus B}\ \oplus R_1
\qquad
\frac{[\Upsilon]_w \longrightarrow B}{[\Upsilon]_w \longrightarrow A \oplus B}\ \oplus R_2
\qquad
\frac{}{\cdot ; \cdot ; [\mathbf{0}]_1 \longrightarrow \cdot}\ \mathbf{0}L
\]

\[
\frac{[\Upsilon]_{w_1} \longrightarrow \gamma \quad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A \quad [\Upsilon']_{w_2} \longrightarrow \gamma' \quad \Upsilon' \models (\Gamma' ; \Psi' ; \Delta') + B}{\Gamma, \Gamma' ; \Psi \cup \Psi' ; [\Delta]_{w_1} + [\Delta']_{w_2}, A \oplus B \longrightarrow \gamma \cup \gamma'}\ \oplus L
\]

\[
\frac{[\Upsilon]_{w_1} \longrightarrow \gamma \quad \Upsilon \models (\Gamma ; \Psi ; \Delta) + A \quad \Gamma' ; \Psi' ; [\Delta']_{w_2} \longrightarrow \gamma'}{\Gamma, \Gamma' ; \Psi \cup \Psi' ; [\Delta]_{w_1} + [\Delta']_{w_2}, A \oplus B \longrightarrow \gamma \cup \gamma'}\ \oplus L_1
\]

\[
\frac{\Gamma ; \Psi ; [\Delta]_{w_1} \longrightarrow \gamma \quad [\Upsilon']_{w_2} \longrightarrow \gamma' \quad \Upsilon' \models (\Gamma' ; \Psi' ; \Delta') + B}{\Gamma, \Gamma' ; \Psi \cup \Psi' ; [\Delta]_{w_1} + [\Delta']_{w_2}, A \oplus B \longrightarrow \gamma \cup \gamma'}\ \oplus L_2
\]
Exponential rules

\[
\frac{[\Upsilon]_0 \longrightarrow A \qquad \Upsilon \models (\Gamma ; \cdot ; \cdot) + \cdot}{\Gamma ; \cdot ; [\cdot]_0 \longrightarrow {!}A}\ {!}R
\]

Correctness. As expected, the comparatively complex nature of these rules makes soundness and completeness non-trivial properties. In fact, even simple statements of correspondence between the two calculi seem difficult to obtain. For a manageable description, we have to invoke the matching judgement.

$\Gamma ; \Psi ; [\Delta]_0 \longrightarrow C$ corresponds to $\Gamma' ; \Psi' ; \Delta' \Rightarrow C$ for any $\Gamma' \supseteq \Gamma$, $\Psi' \supseteq \Psi$, and $\Delta' \supseteq \Delta$ such that $(\Gamma' ; \Psi' ; \Delta') \models (\Gamma'' ; \Psi'' ; \Delta) + (\Delta' \setminus \Delta)$ (lin')

$\Gamma ; \Psi ; [\Delta]_1 \longrightarrow \gamma$ corresponds to $\Gamma' ; \Psi' ; \Delta' \Rightarrow C$ for any $\Gamma' \supseteq \Gamma$, $\Psi' \supseteq \Psi$, $\Delta' \supseteq \Delta$, and $C \sqsupseteq \gamma$ (weak')

To start with, we need to establish some properties of the matching judgement.

Lemma 3.18 (Bounding). If $(\Gamma ; \Psi ; \Delta) \models (\Gamma' ; \Psi' ; \Delta') + \Delta''$, then:

1. $\Gamma' \subseteq \Gamma$, $\Psi' \subseteq \Psi$ and $\Delta' \subseteq \Delta$; and

2. ${!}(\Gamma \setminus \Gamma'), (\Psi \setminus \Psi') \& \mathbf{1}, (\Delta \setminus \Delta') \subseteq \Delta''$.

Proof. Induction on the structure of the derivation of $(\Gamma ; \Psi ; \Delta) \models (\Gamma' ; \Psi' ; \Delta') + \Delta''$. □

Additionally, we require a matching lemma that drives the completeness theorem.

Lemma 3.19 (Matching). If $\Upsilon \Rightarrow C$ and $\Upsilon \models (\Gamma ; \Psi ; \Delta) + \Delta'$, then $\Gamma ; \Psi ; \Delta, \Delta' \Rightarrow C$.

Proof. Structural induction on the derivation of $\mathcal{M} :: \Upsilon \models (\Gamma ; \Psi ; \Delta) + \Delta'$. We illustrate with a pair of cases.

(i) The last rule of $\mathcal{M}$ is $\models$linear, i.e.,

\[
\frac{\Gamma ; \Psi ; \Delta \models (\Gamma' ; \Psi' ; \Delta') + \Delta''}{\Gamma ; \Psi ; \Delta, A \models (\Gamma' ; \Psi' ; \Delta') + \Delta'', A}
\]

\[
\begin{array}{ll}
\Gamma ; \Psi ; \Delta, A \Rightarrow C & \text{hypothesis} \\
\Gamma ; \Psi ; \Delta \Rightarrow A \multimap C & \multimap R \\
\Gamma' ; \Psi' ; \Delta', \Delta'' \Rightarrow A \multimap C & \text{ind. hyp.} \\
\Gamma' ; \cdot ; A, A \multimap C \Rightarrow C & \text{easily shown} \\
\Gamma' ; \Psi' ; \Delta', \Delta'', A \Rightarrow C & \text{cut}
\end{array}
\]

(ii) The last rule of $\mathcal{M}$ is $\models\&\mathbf{1}$, i.e.,

\[
\frac{\Gamma ; \Psi ; \Delta \models (\Gamma' ; \Psi' ; \Delta') + \Delta''}{\Gamma ; \Psi, A ; \Delta \models (\Gamma' ; \Psi' ; \Delta') + \Delta'', A \& \mathbf{1}}
\]

\[
\begin{array}{ll}
\Gamma ; \Psi, A ; \Delta \Rightarrow C & \text{hypothesis} \\
\Gamma ; \Psi ; \Delta, A \& \mathbf{1} \Rightarrow C & \&\mathbf{1}L \\
\Gamma ; \Psi ; \Delta \Rightarrow A \& \mathbf{1} \multimap C & \multimap R \\
\Gamma' ; \Psi' ; \Delta', \Delta'' \Rightarrow A \& \mathbf{1} \multimap C & \text{ind. hyp.} \\
\Gamma' ; \cdot ; A \& \mathbf{1}, A \& \mathbf{1} \multimap C \Rightarrow C & \text{easily shown} \\
\Gamma' ; \Psi' ; \Delta', \Delta'', A \& \mathbf{1} \Rightarrow C & \text{cut}
\end{array}
\]

The other cases follow similarly. For the matching rules for the unrestricted context, we appeal to theorem 2.17 (extended with the affine zone). □


With these lemmas, we may now prove soundness and completeness of the forward calculus with respect to the backward calculus. Although the soundness theorem doesn't differ much from before, the completeness theorem has a somewhat unusual form, depending on the matching judgement. Nevertheless, we can prove these theorems purely by structural induction on the derivations. The difficulty in these theorems lies not in the inductions themselves, which follow straightforwardly, but rather in the choice of sufficiently strong induction hypotheses that make the inductions valid.

Theorem 3.20 (Soundness).

1. If $[\Upsilon]_0 \longrightarrow C$ then $\Upsilon \Rightarrow C$.

2. If $\Gamma ; \Psi ; [\Delta]_1 \longrightarrow \gamma$ then $\Gamma ; \Psi ; \Delta' \Rightarrow C$ for any $\Delta' \supseteq \Delta$ and $C \sqsupseteq \gamma$.

Proof. By structural induction on the derivation of $[\Upsilon]_w \longrightarrow \gamma$, similar to the proof of theorem 3.9, but using the matching and bounding lemmas as required. We omit the easy details. □
Theorem 3.21 (Completeness). If the 1nf sequent $\Gamma ; \Psi ; \Delta \Rightarrow C$ is derivable, then for some $\Gamma' \subseteq \Gamma$, $\Psi' \subseteq \Psi$, and $\gamma \sqsubseteq C$ such that the following match holds

\[
(\Gamma' ; \Psi' ; \Delta) \models (\Gamma'' ; \Psi'' ; \Delta'') + \Delta'''
\]

one of the following hold:

1. either $\Gamma'' ; \Psi'' ; [\Delta'', \Delta''']_0 \longrightarrow C$;

2. or $\Gamma'' ; \Psi'' ; [\Delta', \Delta''']_1 \longrightarrow \gamma$ for some $\Delta' \subseteq \Delta''$.

Proof. By structural induction on the derivation $\mathcal{D} :: \Gamma ; \Psi ; \Delta \Rightarrow C$, using the bounding and matching lemmas. We have the following characteristic cases for the last rule in $\mathcal{D}$:

1. "init", "copy", "promote", $\mathbf{1}R$, $\top R$ or ${!}R$; these cases follow immediately because the rules in the forward and backward direction differ structurally only in the presence of the matching derivation, for which we invoke the matching lemma.

2. $\mathbf{1}\&L$ or $\&\mathbf{1}L$; for example

\[
\mathcal{D} :: \frac{\Gamma ; \Psi, A ; \Delta \Rightarrow C}{\Gamma ; \Psi ; \Delta, A \& \mathbf{1} \Rightarrow C}
\]

Invoking the bounding lemma (case 1), assume given $\Gamma_1 \cup \Gamma_2 \subseteq \Gamma$ and $\Psi_1, \Psi_2 \subseteq (\Psi, A)$. Then, we have

(a) if $\Gamma_1 ; \Psi_1 ; [\Delta, {!}\Gamma_2, \Psi_2 \& \mathbf{1}]_0 \longrightarrow C$, then

i. if $\mathbf{1} \& A \in \Psi_2 \& \mathbf{1}$, then we satisfy case (1);

ii. otherwise, $\Psi_1, \Psi_2 \subseteq \Psi$ and we satisfy case (1).

(b) otherwise, $\Gamma_1 ; \Psi_1 ; [\Delta', {!}\Gamma_2, \Psi_2 \& \mathbf{1}]_1 \longrightarrow C$ for some $\Delta' \subseteq \Delta$; the above argument still applies, except now we satisfy case (2) instead of (1).

3. Other rules require a similar but simpler enumeration of possibilities. □

Lest the completeness theorem give the impression that matching as a judgement makes forward reasoning unusably complex, we can restate the correspondences to the backward calculus in simpler terms using the bounding lemma.

$\Gamma ; \Psi ; [\Delta]_0 \longrightarrow C$ corresponds to $\Gamma' ; \Psi' ; \Delta' \Rightarrow C$ for any $\Gamma' \supseteq \Gamma$, $\Psi' \supseteq \Psi$, and for $\Delta' \supseteq \Delta$ where every element of $\Delta' \setminus \Delta$ has one of the forms $A \& \mathbf{1}$, $\mathbf{1} \& A$, or ${!}A$; and

$\Gamma ; \Psi ; [\Delta]_1 \longrightarrow \gamma$ corresponds to $\Gamma' ; \Psi' ; \Delta' \Rightarrow C$ for any $\Gamma' \supseteq \Gamma$, $\Psi' \supseteq \Psi$, $\Delta' \supseteq \Delta$, and $C \sqsupseteq \gamma$.


3.3.3 Proof extraction

The previous section gives us a means of constructing proofs of propositions in 1nf, but that still leaves the question of proving the original sequent. As mentioned already, we first construct the 1nf of the given input sequent. Therefore, the problem is to construct a witness for the original sequent given a proof of the 1nf sequent. A first attempt might be to convert the sequent derivation for the 1nf sequent into that of the original sequent as follows: start with the proof of the 1nf sequent, and replay the rewrites used to convert the sequent to 1nf in reverse, making local modifications to the derivations as needed, to recover the derivation for the original goal sequent. For example, suppose we have a derivation $\mathcal{D} :: \Gamma ; \Psi ; \Delta \Rightarrow A$. We can then easily see that $\otimes R(\mathcal{D}, \mathbf{1}R ; A \otimes \mathbf{1}) :: \Gamma ; \Psi ; \Delta \Rightarrow A \otimes \mathbf{1}$.

This attempt breaks down on the left. Given a derivation $\mathcal{D} :: \Gamma, A ; \Psi ; \Delta \Rightarrow C$, there is no way to locally convert it to a derivation of $\Gamma, A \otimes \mathbf{1} ; \Psi ; \Delta \Rightarrow C$. The only way to proceed is to cut out the $A$ using a derivation of $\Gamma, A \otimes \mathbf{1} ; \cdot ; \cdot \Rightarrow A$ (easy to achieve), but, being a cut, this will cause a global change to the given derivation $\mathcal{D}$. Although straightforward in theory, we decided not to implement full cut-elimination for sequent derivations because we never explicitly construct the derivation $\mathcal{D}$ in full. The syntax for $\mathcal{D}$ uses a labelled representation, which would require renaming every time a sequent is considered as a premiss of an inference rule. The information we do maintain is insufficient for cut-elimination.

Instead, we implement the proof extraction at the level of natural deduction proof terms. Recall that our overall goal is to present a natural deduction proof to the user. Suppose we know $(\Gamma)_1 ; (\Delta)_1 \vdash M : (C)_1$. The question then is how to construct $N$ from $M$ such that $\Gamma ; \Delta \vdash N : C$. Since the 1-normal form transformation in definition 3.12 works solely with equivalences, we know that for every proposition $A$, we can define two functions $f_A$ and $g_A$ such that

\[
\Gamma ; \cdot \vdash f_A : A \multimap (A)_1 \qquad \text{and} \qquad \Gamma ; \cdot \vdash g_A : (A)_1 \multimap A.
\]

Therefore, given

\[
u_1 : (A_1)_1, \ldots ; v_1 : (B_1)_1, \ldots \vdash M : (C)_1
\]

we have:

\[
\vdash g_C\,[f_{A_1} u_1 / u_1, \ldots, f_{B_1} v_1 / v_1, \ldots]\,M : C.
\]

Of course, this resulting proof term will not be normal, but it can be normalised if needed.


3.4 Optimization: irredundancy

The optimization in the previous section is motivated by observing the behaviour of the $\mathbf{1}$ connective and an attempt to control the weakening induced by it. In order to achieve this, we had to implicitly generalize the notion of subsumption of sequents to allow for such locally affine resources. We already have a notion of subsumption of sequents: definition 3.7. If forward reasoning is to produce new knowledge, one obvious restriction is to ensure that the rules of our calculus do not produce sequents that will be immediately subsumed by one of the premisses of the rule. We call this an irredundancy criterion for inference rules.

Definition 3.22 (Irredundancy criterion). A rule

\[
\frac{\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow \gamma_1 \qquad \cdots \qquad \Gamma_n ; [\Delta_n]_{w_n} \longrightarrow \gamma_n}{\Gamma_0 ; [\Delta_0]_{w_0} \longrightarrow \gamma_0}
\]

is said to be irredundant if for no $i \in 1 \ldots n$ is $(\Gamma_i ; [\Delta_i]_{w_i} \longrightarrow \gamma_i) \le (\Gamma_0 ; [\Delta_0]_{w_0} \longrightarrow \gamma_0)$.


It turns out that not all rules of the calculus of section 3.2.2 are irredundant. A simple example is ${!}L$, wherein we are allowed to conclude (assuming $A \notin \Gamma$):

\[
\frac{\Gamma ; [\Delta]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, {!}A]_1 \longrightarrow \gamma}\ {!}L
\]

In this case, the conclusion of the rule is immediately subsumed by the strictly stronger premiss, and therefore provides no new information. For proof search, it is important to eliminate such fruitless applications of inference rules.

Redundancy also shows up in a subtler form when rules are chained together. For example, the following are two ways to apply $\otimes L$ to the sequent $\Gamma ; [\Delta, A, B]_1 \longrightarrow \gamma$ using the resources $A$ and $B$:

\[
\frac{\Gamma ; [\Delta, A, B]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}
\qquad
\frac{\Gamma ; [\Delta, A, B]_1 \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B, B]_1 \longrightarrow \gamma}
\]

In the first case both resources are consumed, but in the second case only the resource $A$ is consumed. It is clear that the conclusion of the first rule subsumes the conclusion of the second rule; thus, it is only necessary to allow $\otimes L$ applications of the first kind.


To prevent applications of the second kind, we have to introduce a new kind of precondition on inference rules: a negative-existence condition. That is, we modify the $\otimes L'$ rule from before into:

\[
\frac{\Gamma ; [\Delta, A]_1 \longrightarrow \gamma \qquad B \notin \Delta}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}\ \otimes L'_1
\qquad \text{and} \qquad
\frac{\Gamma ; [\Delta, B]_1 \longrightarrow \gamma \qquad A \notin \Delta}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}\ \otimes L'_2
\]

In other words, we require one of the operands to be present and the other to be absent if we are to use the implicit weakenability of weak sequents. If both operands are present, then we consume both of them in the standard $\otimes L$ rule. In the rest of this section, we will perform a similar optimization on every rule of the calculus. This will not only create a calculus where all rules are irredundant, but also provide precise matching conditions to minimize redundant creation of sequents.


As already mentioned, we refine the $\otimes L$ rules to prevent creation of redundant conclusions.

\[
\frac{\Gamma ; [\Delta, A, B]_w \longrightarrow \gamma}{\Gamma ; [\Delta, A \otimes B]_w \longrightarrow \gamma}\ \otimes L
\quad
\frac{\Gamma ; [\Delta, A]_1 \longrightarrow \gamma \quad B \notin \Delta}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}\ \otimes L_1
\quad
\frac{\Gamma ; [\Delta, B]_1 \longrightarrow \gamma \quad A \notin \Delta}{\Gamma ; [\Delta, A \otimes B]_1 \longrightarrow \gamma}\ \otimes L_2
\]

Similarly for $\mathbf{1}L$, where we no longer even need to consider the case of weak sequents as the conclusion would be immediately subsumed.

\[
\frac{\Gamma ; [\Delta]_0 \longrightarrow C}{\Gamma ; [\Delta, \mathbf{1}]_0 \longrightarrow C}\ \mathbf{1}L
\]

The right rules $\otimes R$ and $\mathbf{1}R$ require no modifications because in each case the proposition on the right of the sequent arrow changes, ensuring that the conclusion can not be subsumed by a premiss according to definition 3.7.

For $\multimap R$ for weak sequents, we have the following possibilities: if the antecedent is present as a resource in the premiss, we can be lax about the conclusion:

\[
\frac{\Gamma ; [\Delta, A]_1 \longrightarrow \gamma \qquad \gamma \sqsubseteq B}{\Gamma ; [\Delta]_1 \longrightarrow A \multimap B}\ \multimap R_1
\]

If the antecedent is absent, then the right hand side must be present to prevent a redundant conclusion:

\[
\frac{\Gamma ; [\Delta]_1 \longrightarrow B \qquad A \notin \Delta}{\Gamma ; [\Delta]_1 \longrightarrow A \multimap B}\ \multimap R_2
\]
Note here the side condition $A \notin \Delta$; if this were not required, then we would be able to apply $\multimap R$ in two different ways, giving a stronger conclusion in one case as follows:

\[
\frac{\Gamma ; [\Delta, A]_1 \longrightarrow B}{\Gamma ; [\Delta]_1 \longrightarrow A \multimap B}
\qquad
\frac{\Gamma ; [\Delta, A]_1 \longrightarrow B}{\Gamma ; [\Delta, A]_1 \longrightarrow A \multimap B}
\]

For $\multimap L$ on the principal resource $A \multimap B$, there are two important cases to consider. In the first case, the premiss with resource $B$ is strong, i.e.,

\[
\frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta', B]_0 \longrightarrow C}{\Gamma, \Gamma' ; [\Delta, \Delta', A \multimap B]_w \longrightarrow C}
\]

Note that the right hand side of the first premiss is forced to be present, for if it were absent (which would require $w = 1$), then the conclusion is weaker than the premiss and the rule is redundant. The other case is where the premiss with resource $B$ is weak, i.e., we have:

\[
\frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta', B]_1 \longrightarrow \gamma}{\Gamma, \Gamma' ; [\Delta, \Delta', A \multimap B]_w \longrightarrow \gamma}
\]

(Clearly $B$ must be present in the premiss, or the conclusion would be subsumed by this premiss.) Now we obtain an odd interaction with the first premiss if $\Delta = \Delta'', B$:

\[
\frac{\Gamma ; [\Delta'', B]_w \longrightarrow A \qquad \Gamma' ; [\Delta', B]_1 \longrightarrow \gamma}{\Gamma, \Gamma' ; [\Delta'', B, \Delta', A \multimap B]_w \longrightarrow \gamma}
\]

The conclusion is now subsumed by the second premiss! We must therefore ensure that $B$ does not occur as a resource in the first premiss. Thus we obtain a somewhat strange form of the irredundant $\multimap L$ rule:

\[
\frac{\Gamma ; [\Delta]_w \longrightarrow A \qquad \Gamma' ; [\Delta', B]_{w'} \longrightarrow \gamma \qquad (w' = 0 \vee B \notin \Delta)}{\Gamma, \Gamma' ; [\Delta, \Delta', A \multimap B]_w \longrightarrow \gamma}\ \multimap L
\]

The additive rules are already irredundant. For the exponential rules, specifically for ${!}L$, we have to ensure that if we implicitly weaken the unrestricted context then the conclusion of the rule is not subsumed by the premiss. This is the case only if the conclusion is not weak. Thus, we obtain:

\[
\frac{\Gamma ; [\Delta]_w \longrightarrow \gamma \qquad (A \in \Gamma \vee w = 0)}{\Gamma \setminus A ; [\Delta, {!}A]_w \longrightarrow \gamma}\ {!}L
\]
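The irredundancy criterion of definition 3.22, the chained $\otimes L$ example earlier in this section and the side condition on the irredundant $\multimap L$ rule can all be checked mechanically. The Python below is an added illustration, not code from the thesis or its prover: it encodes forward sequents $\Gamma ; [\Delta]_w \longrightarrow \gamma$, the subsumption order as this section describes it (a weak sequent covers supersets of its contexts and any right-hand side above $\gamma$; a strong sequent fixes $\Delta$ exactly and cannot cover a weak sequent), the criterion itself, and the two rules with negative-existence conditions. The encoding of propositions, the names `subsumes`, `is_irredundant`, `tensor_left_one` and `lolli_left`, and the weak flag of the $\multimap L$ conclusion (taken as $w \vee w'$) are assumptions of the example.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical encoding of forward sequents (not the thesis's own implementation):
# atoms are strings, A -o B is ('-o', A, B), A (x) B is ('*', A, B), !A is ('!', A);
# an absent right-hand side (written . in the text) is None.


@dataclass(frozen=True)
class Seq:
    gamma: frozenset   # unrestricted context, a set after factoring
    delta: tuple       # linear context as a multiset in canonical order
    weak: bool         # w = 1: the sequent may still be weakened
    rhs: object        # right-hand side: a formula, or None


def seq(gamma, delta, weak, rhs=None):
    return Seq(frozenset(gamma), tuple(sorted(delta, key=repr)), weak, rhs)


def submultiset(small, big):
    return not (Counter(small) - Counter(big))


def subsumes(s, t):
    """s <= t: every backward sequent covered by t is already covered by s."""
    if not s.gamma <= t.gamma:
        return False
    if s.rhs is not None and s.rhs != t.rhs:      # an absent rhs is below every rhs
        return False
    if s.weak:                                    # weak: any superset of Delta is covered
        return submultiset(s.delta, t.delta)
    return not t.weak and Counter(s.delta) == Counter(t.delta)


def is_irredundant(premisses, conclusion):
    """Definition 3.22: no premiss of the rule instance subsumes its conclusion."""
    return not any(subsumes(p, conclusion) for p in premisses)


def tensor_left_one(premiss, a, b):
    """(x)L'_1: consume A only; the side condition B not in Delta keeps the result unsubsumed."""
    d = Counter(premiss.delta)
    if not premiss.weak or d[a] == 0 or d[b] > 0:
        return None
    return seq(premiss.gamma, list((d - Counter([a])).elements()) + [('*', a, b)],
               True, premiss.rhs)


def lolli_left(p1, p2, a, b):
    """Irredundant -oL on A -o B, or None when the instance is not allowed.

    p1 must prove A and p2 must hold B; the side condition (w' = 0 or B not in Delta)
    rejects the instance whose conclusion the weak second premiss would subsume.
    The conclusion is weak iff either premiss is (assumed combination of the flags).
    """
    if p1.rhs != a or Counter(p2.delta)[b] == 0:
        return None
    if p2.weak and Counter(p1.delta)[b] > 0:
        return None
    rest = (Counter(p2.delta) - Counter([b])).elements()
    return seq(p1.gamma | p2.gamma, list(p1.delta) + list(rest) + [('-o', a, b)],
               p1.weak or p2.weak, p2.rhs)


# Constructed instances of the examples in this section.
# !L with A not in Gamma: the premiss is strictly stronger than the conclusion.
BANG_PREMISS = seq([], ['x'], True, 'g')
BANG_CONCLUSION = seq([], ['x', ('!', 'a')], True, 'g')

# Two chained (x)L applications: consuming both operands subsumes consuming only A.
TENSOR_PREMISS = seq([], ['d', 'a', 'b'], True, 'g')
TENSOR_BOTH = seq([], ['d', ('*', 'a', 'b')], True, 'g')
TENSOR_A_ONLY = seq([], ['d', ('*', 'a', 'b'), 'b'], True, 'g')

# The odd -oL interaction: B occurs in the first premiss and the second premiss is weak.
LOLLI_P1 = seq([], ['b'], False, 'a')
LOLLI_P2 = seq([], ['b'], True, 'g')

if __name__ == '__main__':
    print(is_irredundant([BANG_PREMISS], BANG_CONCLUSION))   # False
    print(subsumes(TENSOR_BOTH, TENSOR_A_ONLY))               # True
    print(tensor_left_one(TENSOR_PREMISS, 'a', 'b'))          # None: b is present
    print(lolli_left(LOLLI_P1, LOLLI_P2, 'a', 'b'))           # None: side condition fails
```

Note that the chained $\otimes L$ redundancy is not caught by `is_irredundant` alone, since the premiss $\Gamma ; [\Delta, A, B]_1 \longrightarrow \gamma$ does not subsume either conclusion; it is the negative-existence condition in `tensor_left_one` that blocks the weaker of the two conclusions, which is exactly why the section introduces such conditions.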


Theorem 3.23 (Irredundant formulation). The modified rules presented in this section are all irredundant.

Proof. Simple inspection. □

Completeness of the irredundant formulation is rather an obvious property, because there are no cases in the proof of theorem 3.11 that require the use of a redundant rule.

Theorem 3.24 (Completeness of irredundant forward derivations). Suppose $\Gamma ; \Delta \Rightarrow C$. Then,

(a) either $\Gamma ; [\Delta]_0 \longrightarrow C$,

(b) or $\Gamma' ; [\Delta']_1 \longrightarrow \gamma$

for some $\Gamma' \subseteq \Gamma$, $\Delta' \subseteq \Delta$ and $\gamma \sqsubseteq C$.

Proof. Same proof as for theorem 3.11. □


Irredundancy manifests in an implementation in the form of strong negative existence checks on the applicability of a given rule to a sequent. In the propositional case it is relatively straightforward to ensure that a given proposition does not occur in the input sequent. When extended to the first-order calculus, however, these negative existence conditions are not as straightforward, as they require the use of unification. As unification is an expensive operation to perform too often, it turns out that it is simply better to pay the penalty of (knowingly) creating redundant sequents sometimes. Furthermore, in the presence of free variables in the calculus, factoring is no longer a unitary operation, i.e., there are many incomparable factors of a given sequent. It is impossible to ensure that factoring produces irredundant sequents without an exhaustive test of all factors of a sequent for redundancy, which entirely misses the point of these optimizations intended as tight matching conditions on rule applicability. Lastly, when we allow derived rule creation using focused derivations in chapter 6, we find that the negative existence conditions considerably complicate the presentation of the focusing calculus and the proof of its completeness. Unsurprisingly, they are very tricky to implement for multi-premiss derived rules; as seen for $\multimap L$, the non-existence condition requires interactions between entirely disjoint branches of a derivation, and the situation is already enormously complex with just two interacting $\multimap L$ rules. Therefore, for both theoretical and practical reasons, we shall not use irredundant calculi further in this work. Note that we always check if a newly generated sequent is subsumed by an earlier sequent before keeping the sequent for future rule applications, so irredundancy is always ensured by our search procedure.


3.5 Historical review

Resource management in backward reasoning has a relatively long history given the age of linear and sub-structural logics, with the earliest identification of this issue in proof search dating back to the work of Harland and Pym in 1991 [48]. Subsequently, in the settings of backward proof search and logic programming in the (linear) uniform fragment, Harland and Winikoff [56], Cervesato, Hodas and Pfenning [23], and most recently Harland and Pym [49] have provided solutions for the resource management problem. The weakening annotation introduced in this paper bears a strong resemblance to a similar notation in [23], although the interpretation differs considerably because of the different nature of forward search.

To the best of our knowledge, resource management in the forward direction has not received any satisfactory treatment in the literature (aside from the present work). The oldest work on forward reasoning in linear logic, due to Mints [83], discusses a kind of resolution calculus for linear logic; however, his resolution calculus differs significantly from the usual notion of resolution because of the inclusion of axiomatic clauses of the form $\Gamma, \top$. The context $\Gamma$ in these clauses remains unspecified, so for an implementation it becomes necessary to restrict the use of such axioms, specifically by discovering permutations in the resolution steps that allow pushing these axioms downwards. The resolution calculus of Mints suffers from an additional problem, arising from the inclusion of explicit weakening rules for the classical "why not" modality, $?$. Tammet [110] has performed a fuller examination of the allowable permutations, together with more efficient treatment of weakening and exponentials, but both Mints and Tammet describe what we now understand as resource management problems in terms of search strategies. In other words, their calculi lack the explicit examination of resource management issues in the proof theory, in the style of Cervesato et al. [23] or Harland and Pym [49]. We have not encountered any other investigations of forward reasoning in linear logic in our literature survey.
Chapter summary. In this chapter we have presented the first forward sequent calculus for the propositional fragment of the logic of chapter 2. We have further presented two possible optimisations: one detects certain idiomatic uses of $\mathbf{1}$ and handles them using a specially moded context, and the other makes peephole optimisations to the inference rules to prevent creating redundant conclusions. The development of these calculi is motivated by resource-management considerations.

The next chapter will present the inverse method that implements the forward calculus of this section.
Chapter 4

The Inverse Method


The forward calculi in the previous chapter are designed to be used in a forward search
procedure, but there are several details of the procedure that are not illuminated by the
calculus itself. In this chapter, we lay out the details of the inverse method search
procedure that uses the calculus of the previous chapter. We continue in the propositional
fragment of the previous chapter. When we extend the forward calculus with quantifiers
(in chapter 5), we shall describe the modifications required to the algorithm outlined
here.


4.1  The  Subformula  Property 

The key technical property that makes the inverse method possible is the subformula
property. Stated simply, in cut-free sequent calculus proofs we need to consider only
sequents composed of subformulas of the goal sequent. To illustrate, if we have
sequents containing A and B, then we never consider a rule to infer a sequent about A & B
from these sequents unless A & B occurs as a subformula of the goal sequent. Formally,
we present this property in terms of a subformula relation for propositions. To
describe the subformula relation in its strongest form, we decorate subformulas with
certain marks:

1. Sign (also known as polarity), which we write as a superscript + ("positive") or −
("negative"), written schematically as ±. The operands of all binary connectives
inherit the sign of the formula, with the exception of A ⊸ B, for which A receives the
opposite sign. Formulas to the right of the sequent arrow receive the positive sign,
and those on the left the negative sign. Thus, these signs indicate the side of the
sequent arrow where the formula occurs as a principal formula when it is inferred.

2. Availability, which we write as a subscript ! ("unrestricted") or · ("linear"), and
schematically as a. Top-level formulas in the unrestricted context, and operands of
!, receive the unrestricted decoration, but their subformulas do not inherit it. These
decorations therefore determine whether a formula is allowed to occur in the
unrestricted context, and thus serve as a guide for the copy rule.

Definition 4.1 (Decorated propositions). A decorated proposition is of the form $A^{\pm}_{a}$, where $a$ is
either $!$ or $\cdot$ and $\pm$ is either $+$ or $-$. A partially decorated proposition may omit either the sign or
the availability decoration.

Definition 4.2. A (partially) decorated context consists of (partially) decorated propositions of the
same sign and availability. We appropriate the notations $\Gamma^{\pm}$ and $\Gamma_{a}$ for (partially) decorated contexts.

Definition 4.3. A decorated sequent is of the form $\Gamma^{-}_{!} ; \Delta^{-}_{\cdot} \Longrightarrow C^{+}_{\cdot}$.

Definition 4.4 (Decorated subformula relation). The decorated subformula relation $\leq$ between
decorated propositions is the reflexive-transitive closure of the following cases:

$$A^{\pm} \leq (A * B)^{\pm} \qquad B^{\pm} \leq (A * B)^{\pm} \qquad * \in \{\otimes, \&, \oplus\}$$

$$A^{\mp} \leq (A \multimap B)^{\pm} \qquad B^{\pm} \leq (A \multimap B)^{\pm}$$

$$A^{\pm}_{!} \leq (!A)^{\pm} \qquad A^{\pm}_{\cdot} \leq A^{\pm}_{!}$$

(We abuse notation slightly by writing $A^{\pm} \leq B^{\pm}$ for the parallel pair $A^{+} \leq B^{+}$ and $A^{-} \leq B^{-}$
together, and use $\mp$ as the "opposite" of $\pm$ for the antiparallel case.) On the atoms and propositional
constants it is the identity. We assume the standard forgetful restrictions of this relation to
partially decorated propositions, and the pointwise extension of this relation to sets and collections
of (partially) decorated propositions.

Note that the last case of the definition of $\leq$ makes the linear decoration subordinate
to the unrestricted decoration. This is informed by judgemental considerations: an
unrestricted resource may be copied arbitrarily often into a linear resource.

Definition 4.5 (Decorated subsequent relation). A decorated sequent $s_1 = \Gamma'^{-}_{!} ; \Delta'^{-}_{\cdot} \Longrightarrow C'^{+}_{\cdot}$ is a
subsequent of the sequent $s_2 = \Gamma^{-}_{!} ; \Delta^{-}_{\cdot} \Longrightarrow C^{+}_{\cdot}$, written $s_1 \leq s_2$, if:

$$\Gamma'^{-}_{!} \cup \Delta'^{-}_{\cdot} \cup C'^{+}_{\cdot} \;\leq\; \Gamma^{-}_{!} \cup \Delta^{-}_{\cdot} \cup C^{+}_{\cdot}$$


Using the subformula relation, we may state the subformula property of the sequent
calculus in the strongest form as follows:

Theorem 4.6 (Subformula property). If $\Gamma' ; \Delta' \Longrightarrow C'$ appears in a proof of $\Gamma ; \Delta \Longrightarrow C$, then:

$$\Gamma'^{-}_{!} \cup \Delta'^{-}_{\cdot} \cup C'^{+}_{\cdot} \;\leq\; \Gamma^{-}_{!} \cup \Delta^{-}_{\cdot} \cup C^{+}_{\cdot}$$

Proof. Induction on the structure of $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow C$, splitting cases on the final rule used.
In each case we assume that the condition holds for the conclusion of the rule, and then
show that it holds for the premisses. For the signs, the argument is fairly straightforward.
For availability, we sometimes have to appeal to the fact that an unrestricted decoration
may be relaxed to a linear decoration. □


By theorem 3.11, sequents in the forward calculus contain a subset of the formulas in the
backward calculus. Thus,

Corollary 4.7. If $\Gamma' ; [\Delta']_{w'} \longrightarrow \gamma'$ appears in a proof of $\Gamma ; [\Delta]_{w} \longrightarrow \gamma$, then:

$$\Gamma'^{-}_{!} \cup \Delta'^{-}_{\cdot} \cup \gamma'^{+}_{\cdot} \;\leq\; \Gamma^{-}_{!} \cup \Delta^{-}_{\cdot} \cup \gamma^{+}_{\cdot}$$

Proof. Directly from theorem 4.6. □


4.1.1  Labelling  and  specialized  rules. 

The subformula property gives us the core of the inverse method procedure. We start
with initial sequents of the form $\cdot ; [p]_0 \longrightarrow p$, where the atom $p$ occurs as both a positive
and a negative subformula of the decorated goal sequent. Since we need some way to
refer to subformulas of the goal sequent, we label all subformulas with new, fresh
(propositional) labels, which we write using the propositional atomic variables $u$, $l$, $r$, etc.

Definition 4.8 (Notational definition). We write $l \# A$ to denote that $l$ is the label for the
proposition $A$.

Definition 4.9 (Labelling). Given a goal sequent $A_1, \ldots, A_m ; B_1, \ldots, B_n \Longrightarrow C$, we define the
following top-level labels: $u_i \# A_i$, $l_j \# B_j$ and $r \# C$. Furthermore, we label every non-atomic
subformula of the sequent using a unique label.

We also specialize all rules to these labels by means of a pre-processing stage before
entering the main search procedure. We do not maintain general rules for conjunction,
disjunction etc., but instead have a version of every rule for every label, with the label
taking the role of the principal formula.
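The decoration and labelling just described (steps 1 to 3 of the search procedure summarised in section 4.1.6) as an added Python example; this is not the thesis's prover code. The tuple representation of formulas, the label scheme l1, l2, ..., and all function names are assumptions of this example. Atoms keep their own name as label, so the same atom on both sides of the arrow shares a label, which is what the initial sequents need; signs are inherited by operands except for the left operand of ⊸, and availability is not inherited at all.

```python
from typing import List, Tuple

# Constructors for the propositional fragment; a formula is a nested tuple.
def atom(p: str):        return ("atom", p)
def tensor(a, b):        return ("tensor", a, b)
def with_(a, b):         return ("with", a, b)
def plus(a, b):          return ("plus", a, b)
def lolli(a, b):         return ("lolli", a, b)       # A -o B
def bang(a):             return ("bang", a)           # !A
ONE, TOP, ZERO = ("one",), ("top",), ("zero",)

POS, NEG = "+", "-"          # sign decoration
UNR, LIN = "!", "."          # availability decoration: unrestricted / linear

def flip(sign: str) -> str:
    return NEG if sign == POS else POS

Entry = Tuple[str, tuple, str, str]   # (label, formula, sign, availability)

class Labelling:
    """Every subformula occurrence of a goal sequent with its label, sign and
    availability (definitions 4.4, 4.8 and 4.9)."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []
        self._fresh = 0

    def _label(self, formula: tuple) -> str:
        if formula[0] == "atom":
            return formula[1]          # atoms are labelled by themselves
        self._fresh += 1
        return f"l{self._fresh}"       # fresh label for a non-atomic subformula

    def decorate(self, formula: tuple, sign: str, avail: str) -> str:
        lab = self._label(formula)
        self.entries.append((lab, formula, sign, avail))
        kind = formula[0]
        # Operands of the binary connectives inherit the sign; the left operand
        # of A -o B flips it.  Availability is not inherited: only the operand
        # of ! (and the top-level unrestricted formulas) is unrestricted.
        if kind in ("tensor", "with", "plus"):
            self.decorate(formula[1], sign, LIN)
            self.decorate(formula[2], sign, LIN)
        elif kind == "lolli":
            self.decorate(formula[1], flip(sign), LIN)
            self.decorate(formula[2], sign, LIN)
        elif kind == "bang":
            self.decorate(formula[1], sign, UNR)
        return lab

def label_goal(unrestricted, linear, right):
    """Step 1 of the search procedure for the goal  unrestricted ; linear ==> right.
    Returns the labelling and the top-level labels (u_i, l_j, r)."""
    lab = Labelling()
    us = [lab.decorate(a, NEG, UNR) for a in unrestricted]
    ls = [lab.decorate(b, NEG, LIN) for b in linear]
    r = lab.decorate(right, POS, LIN)
    return lab, (us, ls, r)

def initial_atoms(lab: Labelling) -> List[str]:
    """Step 2: atoms occurring with both signs; each gives  . ; [p]_0 --> p."""
    pos = {e[0] for e in lab.entries if e[1][0] == "atom" and e[2] == POS}
    neg = {e[0] for e in lab.entries if e[1][0] == "atom" and e[2] == NEG}
    return sorted(pos & neg)

def copyable_labels(lab: Labelling) -> List[str]:
    """Step 3 (copy rules): negative subformulas allowed in the unrestricted
    context, i.e. those decorated with availability '!'."""
    return sorted({e[0] for e in lab.entries if e[2] == NEG and e[3] == UNR})

def rule_sides(lab: Labelling):
    """Step 3: non-atomic labels that get left rules and those that get right rules."""
    left = sorted({e[0] for e in lab.entries if e[1][0] != "atom" and e[2] == NEG})
    right = sorted({e[0] for e in lab.entries if e[1][0] != "atom" and e[2] == POS})
    return left, right

if __name__ == "__main__":
    # Constructed goal:  p -o q ; !p, r  ==>  q (x) r
    lab, tops = label_goal([lolli(atom("p"), atom("q"))],
                           [bang(atom("p")), atom("r")],
                           tensor(atom("q"), atom("r")))
    for e in lab.entries:
        print(e)
    print("top-level labels:", tops)
    print("initial sequents for:", initial_atoms(lab))
    print("copy rules for:", copyable_labels(lab))
    print("left / right rules for:", rule_sides(lab))
```

Note that the atom p ends up copyable in this goal: it occurs under a ! in the linear context, and the availability decoration of that occurrence is what licenses a specialised copy rule for it, even though p itself is atomic.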

4.1.2  Sequent  representation 

Represented  sequents  consist  of  a  collection  of  labels  of  resources  and  the  label  of  the  goal. 
More  precisely,  these  collections  are  multisets.  For  each  label,  we  maintain  a  multiplicity 
of  that  label,  standing  for  the  number  of  instances  of  that  particular  subformula  in  the 
sequent.  These  multiplicities  are  per  subformula  of  the  goal  sequent,  not  per  proposition, 
as  identical  non-atomic  subformulas  that  originate  from  different  parts  of  the  sequent 
will  receive  different  labels.  However,  this  artificial  restriction  is  removed  for  the  atomic 
propositions,  for  which  the  multiplicity  reflects  the  number  of  instances  of  that  proposition 
in  the  sequent.  This  is  necessary  for  initial  sequents,  as  the  same  label  must  occur  on  both 
sides  of  the  sequent  arrow. 

The  implementation  of  contexts  of  labels  is  guided  by  several  considerations.  The  most 
common  operation  in  the  theorem  prover  is  querying  for  the  existence  of  a  given  resource 
or  label  in  the  sequent.  Therefore,  these  context  representations  must  support  efficient 
lookup  and  update  of  the  multiplicities  of  resources.  Another  common  operation  in  the 
forward  direction  is  the  join  of  contexts  of  resources  multiplicatively.  Thus,  the  collections 
must  support  efficient  merge  operations  also.  However,  in  the  linear  theorem  prover  we 
are  entirely  uninterested  in  the  ordering  of  the  resources  and  labels  in  the  contexts  (though, 
for  presentational  and  debugging  purposes,  it  is  good  to  be  able  to  consistently  linearise 
a  context  in  a  predictable  order). 

The implementation of contexts we choose is a map from labels to their multiplicities.
The underlying map data structure is a dynamically reorganizing persistent splay tree [107],
with the following relaxation: merges are not required to preserve the usual amortized
access b bound on the elements of the tree. Keys for labels are generated by uniformly hashing
the string representation of their names, and labels are ordered by their hash values. (Any
such scheme has to break ties on the name itself when two labels hash equal, or the map
will conflate distinct subformulas.)

In addition to the multiplicity of labels, we also maintain the current weak flags for
the linear resources and the judgement (goal or poss) on the right of the sequent arrow.
We do not, however, maintain any hypothesis variables in sequents.

Definition 4.10 (Sequent representation). A forward sequent is represented as follows:

$$\underbrace{u_1^{k_1} \# A_1, \ldots, u_m^{k_m} \# A_m}_{\Gamma} \;;\; \underbrace{[\,l_1^{k'_1} \# B_1, \ldots, l_n^{k'_n} \# B_n\,]_{w}}_{\Delta} \;\longrightarrow\; r \# C$$

where each $u_i$, $l_j$ and $r$ are labels of subformulas of the final goal sequent, the $k_i$ and $k'_j$ are the
multiplicities of the corresponding labels, and $w$ is the weakening flag on the linear context $\Delta$.
Define $\mathrm{mult}(\Gamma, l)$ as the multiplicity of label $l$ in context $\Gamma$, and similarly for $\Delta$.

For the rest of this work, the propositional parts (i.e., the $\# A$ annotations) will be omitted
when not particularly relevant.

4.1.3  Subsumption 

In the saturation-based search that we use in the forward direction, there is a so-called
conjunctive non-determinism in selecting sequents for applying rules. It is therefore
critically important that the database of sequents available as candidates for rule
application contains as little redundancy as possible. We therefore have to check for
sequent subsumption whenever a new sequent is created; this is sometimes referred to as
forward subsumption.

The  complications  in  the  linear  setting  lie  in  handling  the  linear  context  for  weak 
sequents,  for  which  we  allow  subsumption  of  sequents  with  weaker  contexts  even  though 
we  don't  have  an  admissible  structural  theorem  for  weakening  the  linear  context  of  weak 
sequents.  Nevertheless,  we  don't  lose  completeness  because  we  can  always  use  the 
stronger  sequent  for  any  purpose  the  weaker  sequent  might  serve. 

In implementing subsumption, it is much more important to detect failures as early
as possible, because the vast majority of sequent comparisons will not yield a positive
subsumption match. The usual strategy employed is to perform a sequence of hierarchical
tests that together imply subsumption if and only if they all succeed. For the propositional
case these tests are, for the most part, easily done, but because we will want to extend
them to the first-order case in the next chapter, it is still instructive to see the order.

Definition 4.11 (Hierarchical subsumption tests). A sequent $s_1 = \Gamma ; [\Delta]_{w} \longrightarrow \gamma$ does not
subsume $s_2 = \Gamma' ; [\Delta']_{w'} \longrightarrow \gamma'$, written $s_1 \not\prec s_2$, if

1. $w = 0$ and $w' = 1$; or

2. $\gamma \not\subseteq \gamma'$; or

3. $\Delta \not\subseteq \Delta'$; or

4. $\Gamma \not\subseteq \Gamma'$; or

5. $w = 0$ and $\Delta \neq \Delta'$.

Here $\Gamma \subseteq \Gamma'$ if for every $l \in \mathrm{dom}(\Gamma)$, $\mathrm{mult}(\Gamma, l) \leq \mathrm{mult}(\Gamma', l)$, and similarly for $\Delta$. As usual,
$\gamma \subseteq \gamma'$ if and only if $\gamma = \cdot$ or $\gamma = \gamma' = r \# C$. The last test reflects the absence of
weakening on strong sequents: a strong $s_1$ can only stand in for a sequent with exactly the
same linear context, whereas a weak $s_1$ may have a smaller one.

Since we are only interested in detecting failures, we never use the positive version
($\prec$) of this test. Operationally, the cases of the test are treated as a large if-then-else
statement. We also have the following trivial theorem, whose proof we omit:

Theorem 4.12 (Completeness of hierarchical tests). For any pair of sequents $s_1$ and $s_2$, $s_1 \prec s_2$
(i.e., $s_1$ subsumes $s_2$) if and only if not $s_1 \not\prec s_2$. □

4.1.4  Factoring 

The rule "factor" has to be explicitly implemented in the forward direction because the
input unrestricted (and weak linear) contexts are not guaranteed to be equal in additive
rules. The important question to answer in an implementation is when to apply the
factoring rules. Factoring too often may put a large strain on the main loop of the
proving engine, wasting time tidying sequents that may never yield a proof. Conversely,
keeping sequents unfactored can increase the amount of non-determinism in
rule application (as unfactored labels can be matched in a rule application several times).
We have experimented with both strategies and found that delaying factoring rarely has
a performance benefit in the absence of focusing, and delayed factoring is very complex
to implement in the presence of first-order quantifiers. In the propositional case, factoring
is actually extremely easy to implement.

Definition 4.13 (Factoring). Given two contexts $\Gamma_1$ and $\Gamma_2$, their common factor, written $\Gamma_1 \cup \Gamma_2$,
is defined to be the context $\Gamma$ with domain $\mathrm{dom}(\Gamma_1) \cup \mathrm{dom}(\Gamma_2)$ such that for every $l \in \mathrm{dom}(\Gamma)$,
$\mathrm{mult}(\Gamma, l) = \max(\mathrm{mult}(\Gamma_1, l), \mathrm{mult}(\Gamma_2, l))$.

Note that this is the same notion as the least upper bound of multisets as defined in
sec. 3.2.2.

In our implementation we do not have an arbitrary rule "factor", but rather eagerly
factor contexts whenever needed. Thus, for example, the ⊗R rule is implemented as

$$\frac{\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow r_A \# A\ \mathit{goal} \qquad \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow r_B \# B\ \mathit{goal}}{\Gamma_1 \cup \Gamma_2 ; [\Delta_1, \Delta_2]_{w_1 \vee w_2} \longrightarrow r \# A \otimes B\ \mathit{goal}}$$

As a side-effect, the multiplicity of every label in the unrestricted context is always
at most 1, i.e., the unrestricted context is interpreted as a set instead of a multiset. An
implementation can make use of this property to select a specialised set data structure
for its representation, but in our implementation we have chosen to treat all contexts
uniformly. The following completeness property can be formalised if necessary, but it is
such an obvious property that we have not taken this additional step.

Fact 4.14 (Completeness of eager factoring). The version of the forward calculus with eager
factoring is complete with respect to the calculus with explicit "factor" rules. □

4.1.5  Rules  and  rule  application 

As mentioned earlier, rules are precomputed to the specific labels of the subformulas of
the goal sequent. If the positive proposition $r \# A \otimes B$ occurs in the goal sequent, and
$r_A \# A$ and $r_B \# B$ are the labels of the operands, then the following rule will be generated
for this label:

$$\frac{\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow r_A \qquad \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow r_B}{\Gamma_1 \cup \Gamma_2 ; [\Delta_1, \Delta_2]_{w_1 \vee w_2} \longrightarrow r}\ \otimes R_r \qquad (4.1)$$

To apply a rule to a given input sequent, we have to first match a premiss of the rule to
the input sequent. Matching is non-deterministic: the same sequent can match the same
premiss in a number of different ways. To formalise this, we need a definition of a sequent
schema.

Definition 4.15 (Sequent schema). A sequent schema is of the form:

$$\underbrace{u_1^{k_1}, \ldots, u_m^{k_m}}_{\Gamma_s} \;;\; \underbrace{[\,l_1^{k'_1}, \ldots, l_n^{k'_n}\,]_{\omega}}_{\Delta_s} \;\longrightarrow\; \gamma_s$$

where $\omega$ is $0$, $1$ or $\cdot$, and the remaining components have the same meanings as in definition 4.10.

Definition 4.16 (Matching). We say that a schema $\sigma = \Gamma_s ; [\Delta_s]_{\omega_s} \longrightarrow \gamma_s$ matches an input
sequent $s = \Gamma ; [\Delta]_{w} \longrightarrow \gamma$ if

1. $\Gamma_s \subseteq \Gamma$,

2. $\Delta_s \subseteq \Delta$,

3. $\omega_s \subseteq w$ (i.e., $\omega_s = \cdot$ or $\omega_s = w$), and

4. $\gamma_s \subseteq \gamma$.

A result of the match, written $\sigma \setminus s$, is a sequent $\Gamma_r ; [\Delta_r]_{w_r} \longrightarrow \gamma_r$ for which

1. $\Gamma_r = \Gamma \setminus \Gamma_s$

2. $\Delta_r = \Delta \setminus \Delta_s$

3. $w_r = w$ if $\omega_s = \cdot$, and $w_r = \omega_s$ otherwise

4. $\gamma_r = \gamma$

Results may not be unique, in which case $\sigma \setminus s$ refers non-deterministically to any result.

A specialised rule such as $\otimes R_r$ above (4.1) is treated as having two components: a
top half, where a pair of schemas is used by a matching engine against input sequents to
see if the rule is applicable, and a bottom half that uses the results of the match to actually
compute the conclusion sequent. We therefore write the rule (4.1) as:

$$\frac{\cdot ; [\cdot]_{\cdot} \longrightarrow r_A\ \mathit{true} \;\big|\; s_1 = \Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow \cdot\ \mathit{goal} \qquad \cdot ; [\cdot]_{\cdot} \longrightarrow r_B\ \mathit{true} \;\big|\; s_2 = \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow \cdot\ \mathit{goal}}{\Gamma_1 \cup \Gamma_2 ; [\Delta_1, \Delta_2]_{w_1 \vee w_2} \longrightarrow r\ \mathit{goal}}\ \otimes R_r$$

In other words, the schema exposes the components of the input sequent that must be
present for the rule to be applicable; the result of the match carries the remainder, from
which the conclusion is assembled.
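The representation, factoring, subsumption and matching machinery of sections 4.1.2 to 4.1.5 put together as an added Python example; this is not the lipf implementation or any code from the thesis. A plain dict stands in for the splay-tree map from labels to multiplicities, the class and function names are assumptions of this example, the right-hand side γ is a label or None for the "·" case, and test 5 of definition 4.11 is implemented as "a strong subsuming sequent must have exactly the same linear context". The specialised rule (4.1) is built in the two-halves form: two schemas for the top half, and factoring, join and flag disjunction for the bottom half.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

Ctx = Dict[str, int]    # a multiset of labels: label -> multiplicity

def ctx(*labels: str) -> Ctx:
    """Build a multiset context from labels; repeats raise the multiplicity."""
    c: Ctx = {}
    for l in labels:
        c[l] = c.get(l, 0) + 1
    return c

def mult(c: Ctx, l: str) -> int:
    return c.get(l, 0)

def included(c1: Ctx, c2: Ctx) -> bool:
    """c1 ⊆ c2 in the sense of definition 4.11: pointwise on multiplicities."""
    return all(k <= mult(c2, l) for l, k in c1.items())

def join(c1: Ctx, c2: Ctx) -> Ctx:
    """Multiplicative join Δ1, Δ2: multiplicities add."""
    out = dict(c1)
    for l, k in c2.items():
        out[l] = out.get(l, 0) + k
    return out

def factor(c1: Ctx, c2: Ctx) -> Ctx:
    """Common factor Γ1 ∪ Γ2 of definition 4.13: pointwise max (the lub of the multisets)."""
    return {l: max(mult(c1, l), mult(c2, l)) for l in set(c1) | set(c2)}

def minus(c1: Ctx, c2: Ctx) -> Ctx:
    """c1 \\ c2 for c2 ⊆ c1; labels whose multiplicity drops to 0 disappear."""
    return {l: k - mult(c2, l) for l, k in c1.items() if k - mult(c2, l) > 0}

@dataclass
class Seq:
    """Γ ; [Δ]_w --> γ   (definition 4.10 with the propositional parts omitted)."""
    unr: Ctx                # Γ
    lin: Ctx                # Δ
    w: int                  # weak flag: 0 strong, 1 weak
    rhs: Optional[str]      # γ: the label r, or None for "."

def rhs_included(g1: Optional[str], g2: Optional[str]) -> bool:
    """γ ⊆ γ' iff γ = . or γ = γ'."""
    return g1 is None or g1 == g2

def fails_to_subsume(s1: Seq, s2: Seq) -> Optional[int]:
    """Definition 4.11, cheapest test first: the number of the first test showing
    that s1 does not subsume s2, or None when s1 subsumes s2."""
    if s1.w == 0 and s2.w == 1:
        return 1                # a strong sequent cannot stand in for a weak one
    if not rhs_included(s1.rhs, s2.rhs):
        return 2
    if not included(s1.lin, s2.lin):
        return 3
    if not included(s1.unr, s2.unr):
        return 4
    if s1.w == 0 and s1.lin != s2.lin:
        return 5                # no weakening on a strong linear context
    return None

def subsumes(s1: Seq, s2: Seq) -> bool:
    return fails_to_subsume(s1, s2) is None

@dataclass
class Schema:
    """Definition 4.15: shaped like a sequent, but ω may also be "." (None here)."""
    unr: Ctx
    lin: Ctx
    omega: Optional[int]
    rhs: Optional[str]

def match(sc: Schema, s: Seq) -> Optional[Seq]:
    """Definition 4.16: the result σ \\ s, or None if the schema does not match.
    With multiset contexts the propositional result is unique."""
    if not (included(sc.unr, s.unr) and included(sc.lin, s.lin)
            and (sc.omega is None or sc.omega == s.w)
            and rhs_included(sc.rhs, s.rhs)):
        return None
    return Seq(minus(s.unr, sc.unr), minus(s.lin, sc.lin), s.w, s.rhs)

def tensor_right(r: str, r_a: str, r_b: str) -> Callable[[Seq, Seq], Optional[Seq]]:
    """The specialised rule (4.1) for a positive subformula r # A ⊗ B whose operands
    are labelled r_a and r_b.  Top half: two schemas matched against the inputs;
    bottom half: eager factoring of Γ, multiplicative join of Δ, disjunction of w."""
    top = (Schema({}, {}, None, r_a), Schema({}, {}, None, r_b))

    def apply(s1: Seq, s2: Seq) -> Optional[Seq]:
        m1, m2 = match(top[0], s1), match(top[1], s2)
        if m1 is None or m2 is None:
            return None
        return Seq(factor(m1.unr, m2.unr), join(m1.lin, m2.lin), m1.w | m2.w, r)

    return apply

if __name__ == "__main__":
    rule = tensor_right("r", "p", "q")
    init_p, init_q = Seq({}, ctx("p"), 0, "p"), Seq({}, ctx("q"), 0, "q")
    print(rule(init_p, init_q))           # . ; [p, q]_0 --> r
    print(fails_to_subsume(Seq({}, ctx("p"), 0, "r"), Seq({}, ctx("p", "q"), 0, "r")))
```

The order of the tests matters in practice: the flag and right-hand-side comparisons are constant time and reject most candidates before any context is walked, and the strong-case equality check (test 5) only runs once the cheaper inclusion tests have already passed.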
4.1.6  Search procedure

Finally, a brief summary of the search procedure:


1. Label all subformulas of the goal sequent, and decorate using signs and availabilities.

2. Determine all initial sequents for atomic formulas with both signs.

3. Specialize all left rules for negative subformulas, all right rules for positive
subformulas, and instances of the "copy" rule for unrestricted subformulas.

4. Starting from the initial sequents, apply the inference rules in any order that is
guaranteed to saturate the search space. Add new facts to a database used for
forward subsumption. As an optimization, after applying all possible rules for a
given sequent, mark the sequent as "old", and never consider it for generating new
facts again. Thus, the unmarked sequents form the active fringe of the database.

5. Stop when the goal sequent is matched, using the conditions of the completeness
theorem (theorem 3.21). Otherwise, if no rules apply, abort the search procedure.

The particular saturating search strategy we use is the OTTER loop [60]. The procedure
maintains two continually updated sequent databases.


Definition 4.17 (Sequent databases).

1. The kept sequents database (often referred to as the set of support in the literature [35])
contains new sequents that have not been subsumed, but are not yet being considered for
rule applications.

2. The active sequents database contains all sequents that should be considered for rule
applications.


At  the  start  of  each  round  of  the  OTTER  loop,  a  sequent  s  is  selected  (and  removed) 
from  the  kept  sequents  database  and  inserted  into  the  active  sequents  database.  This 
process  sometimes  goes  by  the  name  of  "activation".  Subsequently,  all  specialised  rules 
are  matched  against  s  as  the  first  premiss,  and  if  any  matches  succeed,  then  the  remaining 
premisses  of  those  rules  are  matched  against  all  sequents  in  the  active  sequents  database. 
This  is  repeated  until  all  the  premisses  of  rules  that  have  successful  matches  are  satisfied 
and  conclusions  produced  from  these  rules.  The  collection  of  conclusion  sequents  are 
then  compared  against  all  past  sequents  that  were  inserted  into  the  kept  database,  and 
those  sequents  that  are  not  subsumed  are  inserted  into  the  kept  database. 
A great deal more can be said about the details of the implementation of the OTTER
loop, but we will instead delay the presentation of the engineering details until after we
have presented the focusing calculus. Much of the novelty of our variant of the OTTER
loop comes from the way we handle rules with several premisses. For more details,
please see chapter 6. Completeness of the OTTER loop is a well known property [60],
requiring only the following properties of the implementation.

Property 4.18 (Fair selection). Every sequent in the kept sequents database is eventually selected
for insertion into the active sequents database.

Property 4.19 (Fair application). If a rule can be fully satisfied by sequents in the active sequents
database (in any order), then the conclusion of this rule is eventually considered for insertion into
the kept sequents database.
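The OTTER loop of this section, with the two databases of definition 4.17, as an added Python sketch that is not the thesis's prover. FIFO activation gives fair selection (property 4.18); trying the activated sequent in every premiss position against the whole active database gives fair application (property 4.19); and every conclusion is checked by forward subsumption against everything ever kept. The constructed problem, its labels, the rule tuples, the strong-only subsumption (weak flags are left out to keep the sketch short) and the "a derived sequent subsumes the goal" stopping test are all simplifying assumptions of this example, the last standing in for the full conditions of theorem 3.21.

```python
from collections import deque
from itertools import product
from typing import Deque, List, NamedTuple, Optional, Tuple

class Seq(NamedTuple):
    """Γ ; [Δ] --> γ with the weak flag omitted (every sequent is strong)."""
    unr: frozenset           # Γ: after eager factoring each multiplicity is 1, so a set
    lin: Tuple[str, ...]     # Δ: a multiset, stored as a sorted tuple of labels
    rhs: str                 # γ: the label on the right of the arrow

def seq(unr, lin, rhs) -> Seq:
    return Seq(frozenset(unr), tuple(sorted(lin)), rhs)

def subsumes(s1: Seq, s2: Seq) -> bool:
    """Strong-sequent subsumption: same right label, Γ ⊆ Γ', identical Δ."""
    return s1.rhs == s2.rhs and s1.unr <= s2.unr and s1.lin == s2.lin

class Rule(NamedTuple):
    """A rule specialised to labels: each premiss is identified by the label it
    must carry on the right; the conclusion carries the principal label."""
    name: str
    premisses: Tuple[str, ...]
    concl: str
    additive: bool           # &R: linear contexts must agree; ⊗R: they are joined

def conclude(rule: Rule, prems: List[Seq]) -> Optional[Seq]:
    """Bottom half of a specialised rule: the conclusion, or None when the
    additive side condition on the linear contexts fails."""
    unr = frozenset().union(*(p.unr for p in prems))            # eager factoring
    if rule.additive:
        if any(p.lin != prems[0].lin for p in prems):
            return None
        lin = prems[0].lin
    else:
        lin = tuple(sorted(l for p in prems for l in p.lin))     # multiplicative join
    return Seq(unr, lin, rule.concl)

class Result(NamedTuple):
    proved: bool
    rounds: int
    kept_total: int          # sequents that survived forward subsumption

def otter(initial: List[Seq], rules: List[Rule], goal: Seq, max_rounds: int = 10_000) -> Result:
    kept: Deque[Seq] = deque()      # definition 4.17(1): the set of support
    active: List[Seq] = []          # definition 4.17(2)
    ever_kept: List[Seq] = []       # everything ever inserted into kept

    def insert(s: Seq) -> None:
        # forward subsumption against all past kept sequents
        if any(subsumes(old, s) for old in ever_kept):
            return
        ever_kept.append(s)
        kept.append(s)

    for s in initial:
        insert(s)
    rounds = 0
    while kept and rounds < max_rounds:
        rounds += 1
        s = kept.popleft()          # FIFO selection is fair (property 4.18)
        active.append(s)            # "activation"
        for rule in rules:
            for i, needed in enumerate(rule.premisses):
                if s.rhs != needed:
                    continue
                # fill the remaining premisses from the active database, in any order
                others = [[a for a in active if a.rhs == lab]
                          for j, lab in enumerate(rule.premisses) if j != i]
                for combo in product(*others):
                    prems = list(combo)
                    prems.insert(i, s)
                    c = conclude(rule, prems)
                    if c is not None:
                        insert(c)
        if any(subsumes(d, goal) for d in ever_kept):
            return Result(True, rounds, len(ever_kept))
    return Result(False, rounds, len(ever_kept))   # saturated without reaching the goal

# Constructed problem:  . ; p, q --> r # (p ⊗ q) & (q ⊗ p)   with r1 # p ⊗ q and r2 # q ⊗ p
RULES = [
    Rule("⊗R_r1", ("p", "q"), "r1", additive=False),
    Rule("⊗R_r2", ("q", "p"), "r2", additive=False),
    Rule("&R_r", ("r1", "r2"), "r", additive=True),
]
INITIAL = [seq([], ["p"], "p"), seq([], ["q"], "q")]    # . ; [p]_0 --> p   and   . ; [q]_0 --> q
GOAL = seq([], ["p", "q"], "r")

def demo() -> Result:
    return otter(INITIAL, RULES, GOAL)

def demo_unprovable() -> Result:
    # r occurs only positively, so it has no initial sequent and r2 # q ⊗ r is
    # never derived: the loop saturates and aborts.
    rules = [RULES[0], Rule("⊗R_r2", ("q", "r"), "r2", additive=False), RULES[2]]
    return otter(INITIAL, rules, seq([], ["p", "q", "r"], "r"))

if __name__ == "__main__":
    print(demo())               # Result(proved=True, rounds=4, kept_total=5)
    print(demo_unprovable())    # Result(proved=False, rounds=3, kept_total=3)
```

The trace of `demo()` shows why the second database is needed: the two ⊗R conclusions are both created in the round that activates q, but &R_r cannot fire until both of them have been activated, and the additive side condition is what makes it check that their linear contexts agree rather than joining them.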


4.2  Proof  extraction 


As stated in the introduction (chapter 1), a main design goal of this work is to produce
provers that are able to certify their proofs, i.e., produce independently verifiable proof
objects. We have already seen a syntax for backward sequent derivations in chapter 2.
This syntax used explicit variables for the hypotheses, which made extracting a natural
deduction proof object from them a fairly trivial process (sec. 2.2.1).


However, in the forward direction we have no notion of hypothesis variables. In fact,
multiple occurrences of a resource are abbreviated into a single label with an associated
multiplicity, and the matching condition simply subtracts from the multiplicity of these
resources. Thus, in the forward direction we lack a way to refer to any particular
hypothesis, but must instead settle for the much weaker form of just referring to the label
itself.

Fortunately, in the propositional case this is enough information to reconstruct a
natural deduction proof deterministically. The key observation is that whenever a resource
needs to be matched in a premiss, it is sufficient to simply select the first resource that
matches. This gives us a backward derivation from which the natural deduction proof
object can be extracted as in sec. 2.2.1.
Syntax of forward derivations  Forward derivations, written as $\mathcal{D}_f$, have the following
syntactic forms, with the obvious correspondences to the rules of the forward calculus:

$$\begin{array}{l}
\mathrm{init}(p) \qquad \mathrm{copy}(\mathcal{D}_f, l \# A) \\[4pt]
\otimes R(\mathcal{D}_f, \mathcal{D}'_f ; r \# A \otimes B) \qquad \otimes L(\mathcal{D}_f, l_A \# A, l_B \# B ; l \# A \otimes B) \qquad 1R(r \# 1) \qquad 1L(\mathcal{D}_f ; l \# 1) \\[4pt]
\multimap R(\mathcal{D}_f, l \# A ; r \# A \multimap B) \qquad \multimap L(\mathcal{D}_f, (\mathcal{D}'_f, l \# B) ; l' \# A \multimap B) \\[4pt]
\& R(\mathcal{D}_f, \mathcal{D}'_f ; r \# A \& B) \qquad \& L_i(\mathcal{D}_f, l \# A_i ; l' \# A_1 \& A_2) \qquad \top R(r \# \top) \\[4pt]
\oplus R_i(\mathcal{D}_f, r \# A_i ; r' \# A_1 \oplus A_2) \qquad \oplus L((\mathcal{D}_f, l_A \# A), (\mathcal{D}'_f, l_B \# B) ; l \# A \oplus B) \qquad 0L(l \# 0) \\[4pt]
!R(\mathcal{D}_f ; r \# !A) \qquad !L(\mathcal{D}_f, l \# A ; l' \# !A)
\end{array}$$

Definition 4.20 (Forward labelled sequent). A forward labelled sequent is like a forward sequent
with every proposition labelled. That is, it has the following shape:

$$\underbrace{u_1 : l_{u_1} \# A_1, \ldots, u_m : l_{u_m} \# A_m}_{\Gamma_l} \;;\; \underbrace{[\,v_1 : l_{v_1} \# B_1, \ldots, v_n : l_{v_n} \# B_n\,]_{w}}_{\Delta_l} \;\longrightarrow\; \underbrace{r \# C}_{\gamma_l}$$

Definition 4.21 (Forward derivations to backward derivations). We define the translation of a
forward derivation of the sequent representation $\mathcal{D}_r :: \Gamma_r ; [\Delta_r]_w \longrightarrow \gamma_r$ to a forward derivation of a
labelled sequent $\mathcal{D}_l :: \Gamma_l ; [\Delta_l]_w \longrightarrow \gamma_l$, written $\mathcal{D}_r :: \Gamma_r ; [\Delta_r]_w \longrightarrow \gamma_r \;\leadsto\; \mathcal{D}_l :: \Gamma_l ; [\Delta_l]_w \longrightarrow \gamma_l$,
by means of suitable deterministic rules. Some typical examples of such rules:

$$\frac{u \text{ fresh}}{\mathrm{init}(p) :: \cdot ; [p^1 \# p]_0 \longrightarrow p \;\leadsto\; \mathrm{init}(u : p) :: \cdot ; [u : p \# p]_0 \longrightarrow p}\ \text{init}$$

$$\frac{\mathcal{D}_r :: \Gamma_r ; [\Delta_r, l^k \# A]_w \longrightarrow \gamma_r \;\leadsto\; \mathcal{D}_l :: \Gamma_l ; [\Delta_l, v : A]_w \longrightarrow \gamma_l \qquad u \text{ fresh}}{\mathrm{copy}(\mathcal{D}_r, l \# A) :: \Gamma_r \cup l \# A ; [\Delta_r, l^{k-1} \# A]_w \longrightarrow \gamma_r \;\leadsto\; \mathrm{copy}(v.\,\mathcal{D}_l ; u : A) :: \Gamma_l, u : A ; [\Delta_l]_w \longrightarrow \gamma_l}\ \text{copy}$$

$$\frac{\mathcal{D}_r :: \Gamma_r ; [\Delta_r]_w \longrightarrow A \;\leadsto\; \mathcal{D}_l :: \Gamma_l ; [\Delta_l]_w \longrightarrow A \qquad \mathcal{D}'_r :: \Gamma'_r ; [\Delta'_r]_{w'} \longrightarrow B \;\leadsto\; \mathcal{D}'_l :: \Gamma'_l ; [\Delta'_l]_{w'} \longrightarrow B}{\otimes R(\mathcal{D}_r, \mathcal{D}'_r ; r \# A \otimes B) :: \Gamma_r \cup \Gamma'_r ; [\Delta_r, \Delta'_r]_{w \vee w'} \longrightarrow A \otimes B \;\leadsto\; \otimes R(\mathcal{D}_l, \mathcal{D}'_l ; A \otimes B) :: \Gamma_l \cup \Gamma'_l ; [\Delta_l, \Delta'_l]_{w \vee w'} \longrightarrow A \otimes B}\ \otimes R$$
Given a forward labelled sequent $s_l$, define $\lfloor s_l \rfloor$ as the forward sequent produced by
erasing all the subformula labels. We then have:

Theorem 4.22 (Soundness of proof extraction). If $\mathcal{D}_r :: \Gamma_r ; [\Delta_r]_w \longrightarrow \gamma_r$ and
$\mathcal{D}_r :: \Gamma_r ; [\Delta_r]_w \longrightarrow \gamma_r \;\leadsto\; \mathcal{D}_l :: \Gamma_l ; [\Delta_l]_w \longrightarrow \gamma_l$, then $\mathcal{D}_l :: \lfloor \Gamma_l ; [\Delta_l]_w \longrightarrow \gamma_l \rfloor$.

Proof. By induction on the structure of $\mathcal{D}_r$, following the rules of definition 4.21. □

Once we are able to extract a standard forward derivation of a forward sequent, we
simply appeal to theorem 3.9 to extract the corresponding backward derivation, then
definition 2.24 to extract the corresponding natural deduction proof from it.

The actual implementation of the proof extraction procedure does not take this long
tour through a number of sequent calculi, but instead directly extracts the natural
deduction proof from the forward sequent calculus. This process is not formalised here
because it amounts to performing the steps in definition 2.24 in tandem with the proof of
theorem 3.9, which, although tedious, is a straightforward process.


4.3  Historical  review 

Historically, the inverse method for classical (non-linear) logic owes its development to
Maslov [73]. Subsequently, Voronkov [116], Mints [84], and more recently Tammet [108,
110] have adapted it for non-classical and intuitionistic logics, though not for linear logic.
Mints [83] has investigated resolution calculi for classical linear logic, but his methods
don't have an immediate application to the inverse method. Many elements of the inverse
method are described well in the handbook article on this topic [35].

The material in this chapter has been published in a more preliminary form in [28].
Chapter summary  In this chapter we have presented the inverse method
algorithm that accompanies the forward calculus of the previous chapter. The key concept
in the inverse method is to use the subformula property to construct specialised rules
for labelled subformulas. A full small-step prover can in fact be constructed from
this outline, and we present such a prover (named lipf) in a later chapter.


In the next chapter the forward sequent calculus will be extended to the full first-order
setting. The updates to the inverse method in the presence of quantifiers will
be discussed from sec. 5.4 onwards.
Chapter 5

First Order Quantification


In  this  chapter  we  will  consider  the  problem  of  extending  the  propositional  forward 
sequent  calculus  and  the  inverse  method  implementation  based  on  that  with  first-order 
quantifiers.  The  primary  problem  in  the  presence  of  quantifiers  is  the  need  to  deal  with 
term  variables  for  which  syntactic  equality  has  to  be  relaxed  to  unifiability.  In  other  words, 
equalities  are  not  manifestly  present,  but  arise  as  a  result  of  computation  of  unifiers. 


We follow here the "recipe" laid out in the chapter on the inverse method in the
Handbook article [35]. First we present a ground forward calculus with no free variables.
This calculus will not be implementable, because it will have fully instantiated initial
sequents that cannot be computed directly as subformulas of the goal sequent. This
calculus will be shown to be sound and complete with respect to the first-order backward
sequent calculus of section 2.1.4. Next, a lifted version of this calculus will be constructed
which will have instantiable variables. We will then show that any derivation in the
ground calculus is merely an instance of a corresponding derivation in the lifted calculus.
The completeness theorem will then be in terms of finding not only a possibly stronger
form of the goal sequent, but also a possibly more general sequent.


When applying the "recipe" to linear logic, we have to consider several complications
having to do with linearity. The most important of these is that for binary additive rules
the two input linear contexts have to be compared not just for equality but for
unifiability. The problem amounts to unifying multisets of predicates. There are several
ways to solve this problem; we proceed by observing that unifying two contexts is a kind
of factoring of common sub-contexts. We therefore present this context unification
directly in terms of an algorithm for contraction.


The rest of this chapter is structured as follows. In sec. 5.1 we extend the subformula
properties of earlier chapters to the first-order case, and introduce the concept of free
subformula. In sec. 5.2 we present the ground forward calculus and prove it sound and
complete with respect to the backward calculus of sec. 2.1.4. In sec. 5.3 we lift this calculus
to free variables and prove the important completeness theorem (thm. 5.23). We then
switch to implementation details. In sec. 5.4 we show how we represent sequents in this
lifted forward calculus, and in sec. 5.5 describe how we implement subsumption and
indexing. The chapter concludes with a discussion of the modifications to the inverse
method of chapter 4 to memoise partially applied multi-premiss rules in sec. 5.6.


5.1  Quantification  and  the  subformula  property 


As stated in section 2.1.4, we extend the language of propositions with first-order
quantification over a language of untyped terms

$$\text{(terms)}\qquad s, t, \ldots \;::=\; x \;\mid\; f(t_1, t_2, \ldots, t_n)$$

where $x$ ranges over a countably infinite set of variables, and $f$ over a collection of function
symbols. We also extend the language of propositions with universal (∀) and existential
(∃) quantification over these terms. Thus, we must now extend the subformula relation
to handle quantification. We adopt the easy extensions of the definitions of (partial)
decoration (definitions 4.1, 4.2 and 4.3).

Definition 5.1 (First-order decorated subformula relation). We extend the definition of the signed decorated subformula relation for the propositional case (defn. 4.4) with cases for the first-order quantifiers.

$$[a/x]A^+ \le (\forall x.\,A)^+ \qquad\qquad [t/x]A^+ \le (\exists x.\,A)^+$$

$$[t/x]A^- \le (\forall x.\,A)^- \qquad\qquad [a/x]A^- \le (\exists x.\,A)^-$$

where $t$ ranges over arbitrary terms, and $a$ ranges over parameters, i.e., uninterpreted global constants. We also adopt the standard abuses of notation as in defn. 4.4.
The decorated subsequent relation is, once again, adopted from the propositional case (defn. 4.5). Recall (defn. 4.1) that a subscripted $i$ indicates that the subformula may be copied into the unrestricted context.


Theorem 5.2 (Subformula property). If $\Gamma' ; \Delta' \Longrightarrow C'$ appears in a proof of $\Gamma ; \Delta \Longrightarrow C$, then:

$$\Gamma'^- \cup \Delta'^- \cup C'^+ \;\le\; \Gamma^- \cup \Delta^- \cup C^+$$


Proof. The proof is by induction on the structure of $\mathcal{D} :: \Gamma ; \Delta \Longrightarrow C$, as for the proof of thm. 5.2, but we now have to account for the cases of the first-order quantifiers. The induction hypothesis is applicable whenever we have a smaller sequent in the subsequent relation. To illustrate, here is the case of $\forall R$.

$$\frac{\Gamma ; \Delta \Longrightarrow [a/x]A}{\Gamma ; \Delta \Longrightarrow \forall x.\,A}\;\forall R^a$$

Let a parameter $a$ be given. Then $[a/x]A \le \forall x.\,A$, so using the induction hypothesis every sequent in the proof of $\Gamma ; \Delta \Longrightarrow [a/x]A$ contains subformulas of $\Gamma^- \cup \Delta^- \cup ([a/x]A)^+$, which is a subset of the subformulas of $\Gamma^- \cup \Delta^- \cup (\forall x.\,A)^+$. A similar argument is used for the other quantifier rules. □


To simplify matters, for the rest of this work we will adopt the convention of considering only rectified goal sequents [55].

Definition  5.3.  A  proposition  A  is  rectified  if 

(a)  all  first-order  quantifiers  in  A  bind  a  different  variable;  and 

(b)  every  bound  variable  in  A  has  no  free  occurrence  in  A. 

A  collection  of  propositions  is  rectified  if  all  members  of  the  collection  are  rectified,  and  furthermore 
all  bound  variables  are  distinct  across  the  entire  collection.  A  sequent  is  rectified  if  the  collection  of 
propositions  on  the  left  and  right  of  the  sequent  arrow  is  rectified. 


Rectification allows us to define a second kind of subformula, sometimes called free subformula [55], to refer to the sub-units of a given proposition syntactically. This subformula relation has no associated subformula property, but it is necessary in the definition of the lifted forward sequent calculus.




Definition 5.4 (Free subformulas). The free subformula relation $\ll$ on propositions is the reflexive-transitive closure of the following rules:

$$A \ll A * B \qquad B \ll A * B \qquad A \ll {!A} \qquad A \ll \forall x.\,A \qquad A \ll \exists x.\,A \qquad\qquad * \in \{\otimes, \&, \oplus, \multimap\}$$
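Definitions 5.3 and 5.4 are purely syntactic, so both can be checked mechanically. The following Python is an added example, not code from the thesis or its prover: propositions are encoded as nested tuples (a constructed encoding, with terms as in sec. 5.1), and the functions check rectification of a single proposition and of a collection, and enumerate the free subformula relation as the reflexive-transitive closure of the one-step rules.

```python
# Added example, not from the thesis. Constructed encoding of propositions:
#   ('atom', p, args)                 atomic p(t1, ..., tn); a term is either a
#                                     variable (a string) or (f, (t1, ..., tn))
#   (op, A, B) with op in BINARY      A ⊗ B, A & B, A ⊕ B, A ⊸ B
#   ('bang', A)                       !A
#   ('forall', x, A), ('exists', x, A)
BINARY = ('tensor', 'with', 'plus', 'lolli')

def term_vars(t):
    """Variables occurring in a term."""
    if isinstance(t, str):
        return {t}
    return set().union(set(), *(term_vars(a) for a in t[1]))

def bound_vars(A):
    """Variables bound by quantifiers in A, as a list so that repeats show."""
    if A[0] == 'atom':
        return []
    if A[0] in BINARY:
        return bound_vars(A[1]) + bound_vars(A[2])
    if A[0] == 'bang':
        return bound_vars(A[1])
    return [A[1]] + bound_vars(A[2])          # forall / exists

def free_vars(A):
    """Variables with a free occurrence in A."""
    if A[0] == 'atom':
        return set().union(set(), *(term_vars(t) for t in A[2]))
    if A[0] in BINARY:
        return free_vars(A[1]) | free_vars(A[2])
    if A[0] == 'bang':
        return free_vars(A[1])
    return free_vars(A[2]) - {A[1]}

def rectified(A):
    """Definition 5.3: (a) all quantifiers bind pairwise distinct variables,
    and (b) no bound variable also has a free occurrence in A."""
    bv = bound_vars(A)
    return len(bv) == len(set(bv)) and not (set(bv) & free_vars(A))

def rectified_collection(As):
    """A collection is rectified if every member is, and the bound variables
    are distinct across the whole collection."""
    bv = [v for A in As for v in bound_vars(A)]
    return all(rectified(A) for A in As) and len(bv) == len(set(bv))

def free_subformulas(A):
    """Definition 5.4 as a closure. The quantifier cases keep the bound
    variable instead of instantiating it, which is why this relation is
    finite where the decorated relation of Definition 5.1 is not."""
    out = {A}
    if A[0] in BINARY:
        out |= free_subformulas(A[1]) | free_subformulas(A[2])
    elif A[0] == 'bang':
        out |= free_subformulas(A[1])
    elif A[0] in ('forall', 'exists'):
        out |= free_subformulas(A[2])
    return out
```

For the rectified proposition $\forall x.\,(p(x) \otimes \exists y.\,q(x,y))$ the closure contains exactly five free subformulas, and the two violations of Definition 5.3 (the same variable bound twice, and a bound variable that also occurs free) are both rejected.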


5.2  Ground  forward  sequent  calculus 


We begin first by constructing a forward calculus with no instantiable free variables or unification. That is to say, in this calculus all equalities will be manifestly syntactic and no equalities can be induced in the computations involved in rule application. This will not be an implementable calculus, because there will (generally) be infinitely many initial sequents: the subformula relation in the presence of quantifiers is infinite. But it is a necessary step in establishing the completeness of a lifted calculus with free variables in section 5.3.


We adopt the same sequent structure in the first-order setting as in sec. 3.2. Most of the rules of the calculus are presentationally identical to the rules in that section, so we shall list here only the differences. First the new additions, the quantifier rules.


$$\frac{\Gamma ; [\Delta]_w \longrightarrow [a/x]A}{\Gamma ; [\Delta]_w \longrightarrow \forall x.\,A}\;\forall R^a \qquad\qquad \frac{\Gamma ; [\Delta]_w \longrightarrow [t/x]A}{\Gamma ; [\Delta]_w \longrightarrow \exists x.\,A}\;\exists R$$

$$\frac{\Gamma ; [\Delta, [t/x]A]_w \longrightarrow \gamma}{\Gamma ; [\Delta, \forall x.\,A]_w \longrightarrow \gamma}\;\forall L \qquad\qquad \frac{\Gamma ; [\Delta, [a/x]A]_w \longrightarrow \gamma}{\Gamma ; [\Delta, \exists x.\,A]_w \longrightarrow \gamma}\;\exists L^a$$

As usual, the superscript $a$ in $\forall R$ and $\exists L$ denotes that the parameter $a$ does not occur in the conclusion sequent.


Initial sequents need to account for the term arguments to the atomic predicates.

$$\frac{}{\cdot\,;\,[p(\vec t)]_0 \longrightarrow p(\vec t)}\;\text{init}$$

No search procedure can generate these sequents a priori, as $\vec t$ are terms produced by the subformula relation. Because there are infinitely many terms, there are infinitely many subformulas of $(\exists x.\,p(x))^+$, for example, each of the form $p(t)$ for some term $t$, and therefore infinitely many initial sequents that can derive $\cdot\,;\,[\exists x.\,p(x)]_0 \longrightarrow \exists x.\,p(x)$. The "init" rule should therefore be read as assigning arguments, restricted by the subformula relation, of course, to the atomic predicates for which the left and right are equal.
The multiplicative and exponential rules are the same as in sec. 3.2. For the additive rules, the notion of additive composition must be extended to the first-order setting. It is certainly possible to give a definition such as the following even in the first-order setting:


$$[\Delta]_w + [\Delta']_{w'} \;=\; \begin{cases} [\Delta]_0 & \text{if } w = w' = 0 \text{ and } \Delta = \Delta' \\ [\Delta]_0 & \text{if } w = 0,\ w' = 1 \text{ and } \Delta' \subseteq \Delta \\ [\Delta']_0 & \text{if } w = 1,\ w' = 0 \text{ and } \Delta \subseteq \Delta' \\ [\Delta \cup \Delta']_1 & \text{if } w = w' = 1 \end{cases}$$

When  lifted  to  free  variables,  however,  this  analysis  breaks  down  because  we  have  to  deal 
with  unifiability  rather  than  equality  of  propositions.  The  test  A  =  A'  might  be  provable 
in  different  ways  using  incompatible  substitutions,  and  there  will  generally  be  many 
possible  ways  to  compute  A  U  A'.  Foreshadowing  these  complications,  we  abandon  this 
declarative  presentation  and  instead  present  the  compatibility  of  contexts  as  an  algorithm; 
this  will  also  ease  the  proof  of  completeness  of  the  lifted  calculus. 


Definition 5.5. Additive contraction of two linear contexts $[\Delta_1]_{w_1}$ and $[\Delta_2]_{w_2}$ to produce a third linear context $[\Delta]_w$, written $[\Delta_1]_{w_1} + [\Delta_2]_{w_2} \leadsto [\Delta]_w$, is governed by the following rules.


$$[\cdot]_0 + [\cdot]_0 \leadsto^{00} [\cdot]_0 \qquad\qquad [\Delta]_0 + [\cdot]_1 \leadsto^{01} [\Delta]_0 \qquad\qquad [\cdot]_1 + [\Delta]_0 \leadsto^{10} [\Delta]_0$$

$$[\Delta]_1 + [\Delta']_1 \leadsto^{11} [\Delta, \Delta']_1 \qquad\qquad \frac{[\Delta_1]_{w_1} + [\Delta_2]_{w_2} \leadsto [\Delta]_w}{[\Delta_1, A]_{w_1} + [\Delta_2, A]_{w_2} \leadsto [\Delta, A]_w}$$

The contexts $[\Delta_1]_{w_1}$ and $[\Delta_2]_{w_2}$ are additively compatible if they can be additively contracted.


Note that $\leadsto$ is non-deterministic because the fourth and fifth rules overlap.

Lemma 5.6 (Simple properties).

1. If $[\Delta_1]_{w_1} + [\Delta_2]_{w_2} \leadsto [\Delta]_w$, then $[\Delta_2]_{w_2} + [\Delta_1]_{w_1} \leadsto [\Delta]_w$.

2. If $[\Delta_1]_1 + [\Delta_2]_0 \leadsto [\Delta]_w$, then $\Delta_1 \subseteq \Delta_2$.

3. If $[\Delta_1]_0 + [\Delta_2]_1 \leadsto [\Delta]_w$, then $\Delta_2 \subseteq \Delta_1$.

Proof. Each property can be proved by simple induction on the derivation of $\leadsto$. □

The  result  of  additive  contraction  of  two  weak  contexts  is  not  necessarily  equal  to  the 
least  upper  bound  (U),  but  it  certainly  contains  the  least  upper  bound. 
Lemma 5.7. If $[\Delta_1]_1 + [\Delta_2]_1 \leadsto [\Delta]_1$, then $\Delta_1 \cup \Delta_2 \subseteq \Delta \subseteq \Delta_1, \Delta_2$.

Proof. Use the contraction rule to contract the elements of $(\Delta_1, \Delta_2) \setminus \Delta$. □
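The contraction judgement of Definition 5.5 is an algorithm in disguise, and the overlap between its last two rules means it has to be run as a search that can return several results. The following Python is an added example, not code from the thesis or its prover: a ground linear context is represented as a multiset of propositions (plain strings, a constructed encoding, since the rules never look inside a proposition) together with its weak flag, `contract` enumerates every derivable contraction, and `satisfies_lemma_5_7` checks the bounds of Lemma 5.7 on the results.

```python
# Added example, not the thesis's own code: Definition 5.5 as a search over
# ground contexts. Propositions are strings and contexts are multisets.
from collections import Counter

def contract(d1, w1, d2, w2):
    """All [D]_w with [d1]_w1 + [d2]_w2 ~> [D]_w, as a sorted list of
    (tuple of propositions, w). A list, because rule (11) and the
    contraction rule overlap, as noted after Definition 5.5."""
    d1, d2 = Counter(d1), Counter(d2)
    found = set()
    # The four axioms apply to whatever is left once common elements
    # have been contracted away.
    if w1 == 0 and w2 == 0 and not d1 and not d2:
        found.add(((), 0))                                    # (00)
    elif w1 == 0 and w2 == 1 and not d2:
        found.add((tuple(sorted(d1.elements())), 0))          # (01)
    elif w1 == 1 and w2 == 0 and not d1:
        found.add((tuple(sorted(d2.elements())), 0))          # (10)
    elif w1 == 1 and w2 == 1:
        found.add((tuple(sorted((d1 + d2).elements())), 1))   # (11)
    # Contraction rule: a proposition present in both contexts is merged
    # into one copy and the remainders are contracted recursively.
    for a in set(d1) & set(d2):
        r1, r2 = d1 - Counter([a]), d2 - Counter([a])
        for d, w in contract(r1.elements(), w1, r2.elements(), w2):
            found.add((tuple(sorted(d + (a,))), w))
    return sorted(found)

def compatible(d1, w1, d2, w2):
    """Definition 5.5: additively compatible iff some contraction exists."""
    return bool(contract(d1, w1, d2, w2))

def satisfies_lemma_5_7(d1, d2):
    """Lemma 5.7 on two weak contexts: every result D of [d1]_1 + [d2]_1
    satisfies d1 ∪ d2 ⊆ D ⊆ (d1, d2) as multisets, where ∪ is the
    multiset maximum and (d1, d2) the multiset sum."""
    c1, c2 = Counter(d1), Counter(d2)
    lub, total = c1 | c2, c1 + c2
    ok = True
    for d, w in contract(d1, 1, d2, 1):
        cd = Counter(d)
        ok = ok and w == 1 and not (lub - cd) and not (cd - total)
    return ok
```

Running `contract(['A'], 1, ['A'], 1)` returns both $[A, A]_1$ (rule 11 alone) and $[A]_1$ (contract $A$, then rule 11), which is exactly the non-determinism remarked on above; `contract(['A'], 1, [], 0)` returns nothing, matching Lemma 5.6(2).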

We write the additive rules using the additive contraction judgement as follows (for the example of $\& R$):

$$\frac{\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow A \qquad \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow B \qquad [\Delta_1]_{w_1} + [\Delta_2]_{w_2} \leadsto [\Delta]_w}{\Gamma_1, \Gamma_2 ; [\Delta]_w \longrightarrow A \& B}\;\& R$$


The full complement of rules is given in figure 5.1. In establishing soundness, we extend the $(-)^\circ$ mapping from forward to backward derivations to account for the quantifier rules.


Definition 5.8 (Forward derivations to backward derivations). The mapping from forward to backward derivations (defn. 3.1) is extended to handle the quantifier rules in the usual fashion.


Theorem 5.9 (Soundness of forward derivations).

1. If $\mathcal{D}_f :: \Gamma ; [\Delta]_0 \longrightarrow C$, then $(\mathcal{D}_f)^\circ :: \Gamma ; \Delta \Longrightarrow C$.

2. If $\mathcal{D}_f :: \Gamma ; [\Delta]_1 \longrightarrow \gamma$, then for any $\Delta' \supseteq \Delta$ and $C \supseteq \gamma$, $(\mathcal{D}_f)^\circ :: \Gamma ; \Delta' \Longrightarrow C$.


Proof. By induction on the structure of $\mathcal{D}_f$. The proof is a natural extension of the proof of theorem 3.9. The major departures are for the quantifier rules, for which we need to allow the induction hypothesis to be applicable for $\alpha$-renaming of the free variables of smaller sequents, and for the uses of the contraction judgement. The following are some representative cases.


Case $\otimes R$:

$$\frac{\mathcal{D}_{f_1} :: \Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow A \qquad \mathcal{D}_{f_2} :: \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow B}{\otimes R(\mathcal{D}_{f_1}, \mathcal{D}_{f_2} ; A \otimes B) :: \Gamma_1 \cup \Gamma_2 ; [\Delta_1, \Delta_2]_{w_1 \vee w_2} \longrightarrow A \otimes B}\;\otimes R$$

Note that $(\otimes R(\mathcal{D}_{f_1}, \mathcal{D}_{f_2} ; A \otimes B))^\circ = \otimes R((\mathcal{D}_{f_1})^\circ, (\mathcal{D}_{f_2})^\circ ; A \otimes B)$.

Subcase $w_1 = w_2 = 0$. In this case,

$$(\mathcal{D}_{f_1})^\circ :: \Gamma_1 ; \Delta_1 \Longrightarrow A \qquad\qquad \text{i.h.}$$

$$(\mathcal{D}_{f_1})^\circ :: \Gamma_1 \cup \Gamma_2 ; \Delta_1 \Longrightarrow A \qquad\qquad \text{lem. 5.6 and weakening}$$

$$(\mathcal{D}_{f_2})^\circ :: \Gamma_1 \cup \Gamma_2 ; \Delta_2 \Longrightarrow B \qquad\qquad \text{similarly}$$

$$\otimes R((\mathcal{D}_{f_1})^\circ, (\mathcal{D}_{f_2})^\circ ; A \otimes B) :: \Gamma_1 \cup \Gamma_2 ; \Delta_1, \Delta_2 \Longrightarrow A \otimes B \qquad\qquad \otimes R$$
[Figure 5.1: Rules for the ground forward first-order calculus. The figure is grouped into Judgemental rules (init, copy, factor), Multiplicative rules ($\otimes R$, $\otimes L$, $\otimes L'$, $1R$, $1L$, $\multimap R$, $\multimap R'$, $\multimap L$), Additive rules ($\& R$, $\& L_i$, $\oplus R_i$, $\oplus L$, $\oplus L'$, $\top R$, $0L$), Exponential rules ($!R$, $!L$) and Quantifier rules ($\forall R^a$, $\exists R$, $\forall L$, $\exists L^a$). The quantifier rules, the init rule and the $\& R$ rule are as given in the text above.]
Subcase $w_1 = 1$. Then $w_1 \vee w_2 = 1$, so let $\Delta' \supseteq \Delta_1, \Delta_2$ be given.

$$(\mathcal{D}_{f_1})^\circ :: \Gamma_1 ; \Delta' \setminus \Delta_2 \Longrightarrow A \qquad\qquad \text{i.h.}$$

$$(\mathcal{D}_{f_1})^\circ :: \Gamma_1 \cup \Gamma_2 ; \Delta' \setminus \Delta_2 \Longrightarrow A \qquad\qquad \text{lem. 5.6 and weakening}$$

$$(\mathcal{D}_{f_2})^\circ :: \Gamma_1 \cup \Gamma_2 ; \Delta_2 \Longrightarrow B \qquad\qquad \text{similarly}$$

$$\otimes R((\mathcal{D}_{f_1})^\circ, (\mathcal{D}_{f_2})^\circ ; A \otimes B) :: \Gamma_1 \cup \Gamma_2 ; \Delta' \Longrightarrow A \otimes B \qquad\qquad \otimes R$$

Case $\forall R$:

$$\frac{\mathcal{D}_f :: \Gamma ; [\Delta]_w \longrightarrow [a/x]A}{\forall R(\mathcal{D}_f, a ; \forall x.\,A) :: \Gamma ; [\Delta]_w \longrightarrow \forall x.\,A}\;\forall R^a$$

Consider the case of $w = 0$. Let a parameter $b$ be given, that is to say, let $b$ be such that it does not occur in the conclusion $\Gamma ; [\Delta]_w \longrightarrow \forall x.\,A$. Because the induction hypothesis is applicable for all $\alpha$-renamings of the given sequent, we have:

$$[b/a](\mathcal{D}_f)^\circ :: \Gamma ; \Delta \Longrightarrow [b/x]A \qquad\qquad \text{i.h.}$$

$$\forall R([b/a](\mathcal{D}_f)^\circ, b ; \forall x.\,A) :: \Gamma ; \Delta \Longrightarrow \forall x.\,A \qquad\qquad \forall R$$

We then note that derivations are equal up to $\alpha$-renaming, so $(\forall R(\mathcal{D}_f, a ; \forall x.\,A))^\circ = \forall R((\mathcal{D}_f)^\circ, a ; \forall x.\,A)$. The case of $w = 1$ is similar.

Case $\exists R$:

$$\frac{\mathcal{D}_f :: \Gamma ; [\Delta]_w \longrightarrow [t/x]A}{\exists R(\mathcal{D}_f, t ; \exists x.\,A) :: \Gamma ; [\Delta]_w \longrightarrow \exists x.\,A}\;\exists R$$

Again, let us take the case of $w = 0$. We have:

$$(\mathcal{D}_f)^\circ :: \Gamma ; \Delta \Longrightarrow [t/x]A \qquad\qquad \text{i.h.}$$

$$\exists R((\mathcal{D}_f)^\circ, t ; \exists x.\,A) :: \Gamma ; \Delta \Longrightarrow \exists x.\,A \qquad\qquad \exists R$$

We then note that $(\exists R(\mathcal{D}_f, t ; \exists x.\,A))^\circ = \exists R((\mathcal{D}_f)^\circ, t ; \exists x.\,A)$. The case of $w = 1$ is similar.

□


For the completeness theorem we reprise theorem 3.11, but extended with the new rules.


Theorem 5.10 (Completeness of forward derivations). Suppose $\Gamma ; \Delta \Longrightarrow C$. Then,

(a) either $\Gamma' ; [\Delta]_0 \longrightarrow C$,

(b) or $\Gamma' ; [\Delta']_1 \longrightarrow \gamma$

for some $\Gamma' \subseteq \Gamma$, $\Delta' \subseteq \Delta$ and $\gamma \subseteq C$.


Proof. Like in the proof of thm. 3.11, we prove this by induction on the structure of the derivation $\mathcal{D}_b :: \Gamma ; \Delta \Longrightarrow C$. The following are the representative cases for the quantifiers.

Case $\forall R$:

$$\frac{\mathcal{D}_b :: \Gamma ; \Delta \Longrightarrow [a/x]A}{\forall R(\mathcal{D}_b, a ; \forall x.\,A) :: \Gamma ; \Delta \Longrightarrow \forall x.\,A}\;\forall R^a$$

As usual, there are two sub-cases for the induction hypothesis on the premiss. In the first case, we have a strong sequent:

$$\Gamma' ; [\Delta]_0 \longrightarrow [a/x]A \quad\text{for some } \Gamma' \subseteq \Gamma \qquad\qquad \text{case of i.h.}$$

$$\Gamma' ; [\Delta]_0 \longrightarrow \forall x.\,A \qquad\qquad \forall R\text{, because } a \text{ doesn't occur in } \Gamma' \text{ and } \Delta.$$

In the other case we have a weak sequent. If the right hand side is empty, then we are already done, so assume it is non-empty.

$$\Gamma' ; [\Delta']_1 \longrightarrow [a/x]A \quad\text{for some } \Gamma' \subseteq \Gamma \text{ and } \Delta' \subseteq \Delta \qquad\qquad \text{case of i.h.}$$

$$\Gamma' ; [\Delta']_1 \longrightarrow \forall x.\,A \qquad\qquad \forall R$$

The cases of $\exists R$, $\forall L$ and $\exists L$ are very similar. □


5.3  Lifting  to  free  variables 

The calculus of the previous section uses only ground initial sequents, which is impossible for an implementation of the forward calculus. Continuing with the "recipe" from [35], in this section we present a lifted version of the calculus with explicit unification. We begin, as usual, by fixing a goal sequent $\Gamma_g ; [\Delta_g]_{w_g} \longrightarrow C_g$ and considering only the free subformulas of this goal. In the presentation, the quantified propositions are silently $\alpha$-renamed as necessary. In this calculus, every proposition on the left and right is accompanied by a substitution for some of its parameters or free term variables. These substitutions are built according to the following grammar:

$$(\text{substitutions})\qquad \sigma \;::=\; \epsilon \ \text{(identity)} \;\mid\; \sigma, a_1/a_2 \ \text{(param-subst)} \;\mid\; \sigma, t/x \ \text{(term-subst)}$$

The parameters and term variables being substituted for are all distinct in a substitution. We write $A[\sigma]$ (resp. $t[\sigma]$) for the application of the substitution $\sigma$ to the proposition $A$ (resp. term $t$) with free parameters or term variables. Sequents in the free calculus contain free subformula/substitution pairs, written $A \cdot \sigma$. The sequencing of $\sigma$ followed by $\xi$, written $\sigma\xi$, has the property $A[\sigma\xi] = (A[\sigma])[\xi]$. The composition of $\theta$ with every substitution in a zone $\Gamma$ or $\Delta$ (now containing formula/substitution pairs) is written $\Gamma\theta$ or $\Delta\theta$. The identity substitution $\epsilon$ will be elided unless absolutely necessary for clarity.

A minor novel aspect of our formulation is that we distinguish parameters (which can be substituted only for other parameters) and variables (for which we can substitute arbitrary terms, including parameters). The distinction arises from the notion of subformula, since positive universal and negative existential formulas can only ever be instantiated with parameters in a cut-free backward sequent derivation. We achieve this by syntactically distinguishing positive universal and negative existential subformulas in the goal sequent to bind parameters, i.e., of the form $\forall a.\,A$ and $\exists a.\,A$. The free subformulas of the goal sequent will thus have parameters in the expected positions.

This sharpening sometimes removes unreachable initial sequents from consideration. Where the distinction between term variables and parameters is not relevant, we shall write them using lowercase Greek letters $\alpha$, $\beta$, etc.

Definition 5.11 (Standard definitions).

1. The domain of a substitution $\sigma = t_1/\alpha_1, \ldots, t_n/\alpha_n$, written $\mathrm{dom}(\sigma)$, is the set $\{\alpha_1, \ldots, \alpha_n\}$.

2. The range of a substitution $\sigma$, written $\mathrm{rng}(\sigma)$, is the set $\{\alpha[\sigma] : \alpha \in \mathrm{dom}(\sigma)\}$.

3. The image of a substitution $\sigma$, written $\mathrm{img}(\sigma)$, is $\mathrm{vars}(\mathrm{rng}(\sigma))$.

4. Given two substitutions $\sigma = s_1/\alpha_1, \ldots, s_m/\alpha_m$ and $\theta = t_1/\beta_1, \ldots, t_n/\beta_n$ with disjoint domains, their composition $\sigma\theta$ is the substitution $s_1[\theta]/\alpha_1, \ldots, s_m[\theta]/\alpha_m, t_1/\beta_1, \ldots, t_n/\beta_n$. If the domains of $\sigma$ and $\theta$ are not disjoint, then $\sigma$ is first restricted to $\mathrm{dom}(\sigma) \setminus \mathrm{dom}(\theta)$.

5. Given two substitutions $\sigma = s_1/\alpha_1, \ldots, s_m/\alpha_m$ and $\theta = t_1/\beta_1, \ldots, t_n/\beta_n$ for which $\mathrm{dom}(\sigma) \cap \mathrm{dom}(\theta) = \emptyset$, their merge, written $\sigma \uplus \theta$, is $s_1/\alpha_1, \ldots, s_m/\alpha_m, t_1/\beta_1, \ldots, t_n/\beta_n$.

6. A substitution $\sigma$ agrees with a substitution $\theta$ on a set of parameter and term variables $V$ if for every $\alpha \in V$, $\alpha[\sigma] = \alpha[\theta]$.

7. The restriction of a substitution $\sigma$ to a set of parameter and term variables $V$, written $\sigma|_V$, is a substitution with domain $\mathrm{dom}(\sigma) \cap V$ that agrees with $\sigma$ on $V$.
The standard notion of most general unifier carries over in a straightforward way to this slightly more general setting.

Definition 5.12 (Most general unifiers).

1. The most general unifier of $t_1$ and $t_2$, written $\mathrm{mgu}(t_1, t_2)$, is a unifier $\theta$ such that for any other unifier $\sigma$ of $t_1$ and $t_2$, there is a $\xi$ such that $\sigma = \theta\xi$.

2. The most general unifier of lists of terms $\vec t_1$ and $\vec t_2$ of equal length, written $\mathrm{mgu}(\vec t_1, \vec t_2)$, equals $\mathrm{mgu}(\star(\vec t_1), \star(\vec t_2))$ where $\star$ is some function symbol not occurring in $\vec t_1$ and $\vec t_2$.

3. The most general unifier of $\sigma$ and $\theta$, written $\mathrm{mgu}(\sigma, \theta)$, equals $\mathrm{mgu}(\vec x[\sigma], \vec x[\theta])$ where $\vec x = \mathrm{dom}(\sigma) \cup \mathrm{dom}(\theta)$.

Theorem 5.13 (Existence of most general unifiers). If two terms $t_1$ and $t_2$ are unifiable, then $\mathrm{mgu}(t_1, t_2)$ exists. □

We make the customary assumption that substitutions are idempotent.

Definition 5.14 (Idempotent substitutions). A substitution $\sigma$ is idempotent if $\sigma\sigma = \sigma$.

A  renaming  substitution  is  a  special  case  of  an  idempotent  substitution  for  which  each 
element  of  the  domain  is  merely  mapped  to  another  variable. 

Definition 5.15 (Renaming substitution). An idempotent substitution $\rho$ is a renaming substitution if:

(a) Every term variable $x \in \mathrm{dom}(\rho)$ is bound to a distinct term variable $y$; and

(b) Every parameter $a \in \mathrm{dom}(\rho)$ is bound to a distinct parameter $b$.

Renaming  substitutions  have  a  fairly  straightforward  characterisation. 

Property 5.16 (Invertibility of renaming substitutions). If $\rho$ is a renaming substitution, then there exists a unique substitution $\rho^{-1}$ for which $\rho\rho^{-1} = \rho^{-1}\rho = \epsilon$. □

The  definition  of  additive  contraction  needs  to  be  lifted  to  free  subformulas  also. 

Definition 5.17 (Lifted additive contraction). The lifted additive contraction judgment, written $[\Delta_1]_{w_1} + [\Delta_2]_{w_2} \leadsto [\Delta]_w, \xi$, takes as input $[\Delta_1]_{w_1}$ and $[\Delta_2]_{w_2}$ and produces a contracted context $[\Delta]_w$ and its corresponding substitution $\xi$. The rules for this judgment are as follows.

$$[\cdot]_0 + [\cdot]_0 \leadsto^{00} [\cdot]_0, \epsilon \qquad\qquad [\cdot]_1 + [\Delta]_0 \leadsto^{10} [\Delta]_0, \epsilon \qquad\qquad [\Delta]_0 + [\cdot]_1 \leadsto^{01} [\Delta]_0, \epsilon$$

$$[\Delta_1]_1 + [\Delta_2]_1 \leadsto^{11} [\Delta_1, \Delta_2]_1, \epsilon$$

$$\frac{\theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta]_{w_1} + [\Delta_2\theta]_{w_2} \leadsto [\Delta]_w, \xi}{[\Delta_1, A \cdot \sigma_1]_{w_1} + [\Delta_2, A \cdot \sigma_2]_{w_2} \leadsto [\Delta, A \cdot \sigma_1\theta\xi]_w, \theta\xi}$$


There  is  considerable  non-determinism  in  the  last  rule  which  stems  from  the  assump¬ 
tion  that  contexts  A  are  not  ordered.  This  non-determinism  is  in  addition  to  the  usual 
overlap  between  the  last  two  rules. 

Theorem 5.18 (Lifted additive contraction).

1. If $[\Delta_1]_0 + [\Delta_2]_0 \leadsto [\Delta]_w, \xi$, then $\Delta_1\xi = \Delta_2\xi = \Delta$.

2. If $[\Delta_1]_1 + [\Delta_2]_0 \leadsto [\Delta]_w, \xi$, then $\Delta_1\xi \subseteq \Delta_2\xi = \Delta$.

3. If $[\Delta_1]_0 + [\Delta_2]_1 \leadsto [\Delta]_w, \xi$, then $\Delta_2\xi \subseteq \Delta_1\xi = \Delta$.

4. If $[\Delta_1]_1 + [\Delta_2]_1 \leadsto [\Delta]_w, \xi$, then $\Delta_1\xi \subseteq \Delta$ and $\Delta_2\xi \subseteq \Delta$.


Proof. Induction on definition 5.17. The only interesting case is for the last rule, for which we have the following cases.

Case $w_1 = w_2 = 0$, i.e.,

$$\frac{\theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta]_0 + [\Delta_2\theta]_0 \leadsto [\Delta]_0, \xi}{[\Delta_1, A \cdot \sigma_1]_0 + [\Delta_2, A \cdot \sigma_2]_0 \leadsto [\Delta, A \cdot \sigma_1\theta\xi]_0, \theta\xi}$$

$$\Delta_1\theta\xi = \Delta_2\theta\xi = \Delta \qquad\qquad \text{i.h.}$$

$$\Delta_1\theta\xi, A \cdot \sigma_1\theta\xi = \Delta_2\theta\xi, A \cdot \sigma_2\theta\xi = \Delta, A \cdot \sigma_1\theta\xi \qquad\qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2).$$

Case $w_1 = w_2 = 1$, i.e.,

$$\frac{\theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta]_1 + [\Delta_2\theta]_1 \leadsto [\Delta]_1, \xi}{[\Delta_1, A \cdot \sigma_1]_1 + [\Delta_2, A \cdot \sigma_2]_1 \leadsto [\Delta, A \cdot \sigma_1\theta\xi]_1, \theta\xi}$$

$$\Delta_1\theta\xi \subseteq \Delta \supseteq \Delta_2\theta\xi \qquad\qquad \text{i.h.}$$

$$\Delta_1\theta\xi, A \cdot \sigma_1\theta\xi \subseteq \Delta, A \cdot \sigma_1\theta\xi \supseteq \Delta_2\theta\xi, A \cdot \sigma_2\theta\xi \qquad\qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2).$$

Case $w_1 = 1$ and $w_2 = 0$, i.e.,

$$\frac{\theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta]_1 + [\Delta_2\theta]_0 \leadsto [\Delta]_0, \xi}{[\Delta_1, A \cdot \sigma_1]_1 + [\Delta_2, A \cdot \sigma_2]_0 \leadsto [\Delta, A \cdot \sigma_1\theta\xi]_0, \theta\xi}$$

$$\Delta_1\theta\xi \subseteq \Delta_2\theta\xi = \Delta \qquad\qquad \text{i.h.}$$

$$\Delta_1\theta\xi, A \cdot \sigma_1\theta\xi \subseteq \Delta_2\theta\xi, A \cdot \sigma_2\theta\xi = \Delta, A \cdot \sigma_1\theta\xi \qquad\qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2).$$

The case for $w_1 = 0$ and $w_2 = 1$ is similar.

□


We now have sufficient machinery to give the rules of the lifted forward calculus. As mentioned earlier, we write the lifted propositions with their corresponding substitutions using a dotted notation, $A \cdot \sigma$, where $A$ is a free subformula of the goal sequent and $\sigma$ is an (idempotent) substitution.

Initial sequents can no longer require the two atomic propositions on the left and right to have syntactically equal free subformulas, but it is sufficient for the two propositions to be unifiable. Thus, the rule for initial sequents is:

$$\frac{\theta = \mathrm{mgu}(t_1, t_2)}{\cdot\,;\,[p(t_1) \cdot \theta]_0 \longrightarrow p(t_2) \cdot \theta}$$

This rule is not actually sound: because $t_1$ and $t_2$ are computed from free subformulas, they may inadvertently share variables. We have to force the variables in $t_1$ and $t_2$ to be distinct by renaming one of them to fresh variables. Thus, the actual "init" rule we use is:

$$\frac{\theta = \mathrm{mgu}(t_1[\rho], t_2)}{\cdot\,;\,[p(t_1) \cdot \rho\theta]_0 \longrightarrow p(t_2) \cdot \theta}\;\text{init}$$


We use $\rho$ to stand for renaming substitutions, that is, substitutions whose range is disjoint from all other variables occurring in the inference rule. In particular, $\mathrm{rng}(\rho)$ is distinct from the variables in $t_2$. The variables in a sequent may always be renamed to fresh variables using the following rule.

$$\frac{\Gamma ; [\Delta]_w \longrightarrow \gamma}{\Gamma\rho ; [\Delta\rho]_w \longrightarrow \gamma\rho}\;\text{rename}$$


For binary rules we have to ensure that the operands of the binary connective are unifiable, and if so we assemble a conclusion using the most general unifiers. For example, for $\otimes R$, the rule is as follows:

$$\frac{\Gamma ; [\Delta]_{w_1} \longrightarrow A \cdot \sigma_1 \qquad \Gamma' ; [\Delta']_{w_2} \longrightarrow B \cdot \sigma_2 \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2)}{(\Gamma, \Gamma' ; [\Delta, \Delta']_{w_1 \vee w_2} \longrightarrow A \otimes B \cdot \sigma_1)\theta}\;\otimes R$$

In order for this rule to be sound, we require the two premisses $\Gamma ; [\Delta]_{w_1} \longrightarrow A \cdot \sigma_1$ and $\Gamma' ; [\Delta']_{w_2} \longrightarrow B \cdot \sigma_2$ to share no free variables. Note that $A$ and $B$, being free subformulas of the goal sequent, can share variables; however, the results of the substitutions $A[\sigma_1]$ and $B[\sigma_2]$ are forbidden to share any free variables; similarly for the propositions on the left of the sequent arrow. Sequents can be renamed using "rename" as necessary to ensure that the free variables are disjoint.

For additive rules we make use of the lifted additive contraction. For example, for $\& R$ we have the following rule.

$$\frac{\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow A \cdot \sigma_1 \qquad \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow B \cdot \sigma_2 \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta]_{w_1} + [\Delta_2\theta]_{w_2} \leadsto [\Delta]_w, \xi}{\Gamma_1\theta\xi, \Gamma_2\theta\xi ; [\Delta]_w \longrightarrow A \& B \cdot \sigma_1\theta\xi}\;\& R$$
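The substitution operations of Definition 5.11, the unifiers of Definition 5.12, renaming (Definition 5.15), the lifted "init" rule and the lifted contraction of Definition 5.17 fit together in one small implementation. The following Python is an added example, not code from the thesis or its prover. Its term encoding (uppercase strings for term variables, '@'-prefixed strings for parameters, `(f, args)` tuples for compound terms and for free subformulas) and its dict representation of substitutions are constructed for this example, and `lifted_init`, `contract_lifted`, `shift` and `unlift` are names chosen here. It shows the effect of renaming apart in "init" (the atoms $p(f(X))$ and $p(X)$ have no unifier until the left-hand variables are renamed) and checks a strong lifted contraction against theorem 5.18(1).

```python
# Added example; not code from the thesis or its prover. Constructed encoding:
# a string starting with an uppercase letter is a term variable ('X'), one
# starting with '@' is a parameter ('@a'), any other string is a constant, and
# a compound term or free subformula is (f, (t1, ..., tn)), e.g. ('p', ('X',)).
# A substitution is a dict {variable: term}.

def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

def is_param(t):
    return isinstance(t, str) and t.startswith('@')

def apply(t, s):
    """t[s]: apply the substitution s to the term t."""
    if isinstance(t, str):
        return s.get(t, t)
    return (t[0], tuple(apply(a, s) for a in t[1]))

def compose(s, th):
    """Sequencing s th, built so that apply(t, compose(s, th)) equals
    apply(apply(t, s), th), the property stated for sigma xi in sec. 5.3."""
    out = {a: apply(t, th) for a, t in s.items()}
    out.update({b: t for b, t in th.items() if b not in out})
    return out

def variables(t):
    """vars(t): the term variables and parameters occurring in t."""
    if isinstance(t, str):
        return {t} if is_var(t) or is_param(t) else set()
    return set().union(set(), *(variables(a) for a in t[1]))

def renaming(t, suffix):
    """A renaming substitution (Def. 5.15) sending every variable and
    parameter of t to a fresh one, so its range is disjoint from vars(t)."""
    return {v: v + suffix for v in variables(t)}

def mgu(t1, t2, s=None):
    """mgu(t1, t2) of Def. 5.12(1) with an occurs check, or None. A term
    variable may be bound to any term; a parameter only to a parameter."""
    s = {} if s is None else s
    t1, t2 = apply(t1, s), apply(t2, s)
    if t1 == t2:
        return s
    for a, b in ((t1, t2), (t2, t1)):
        if is_var(a) or (is_param(a) and is_param(b)):
            return None if a in variables(b) else compose(s, {a: b})
    if isinstance(t1, str) or isinstance(t2, str):
        return None
    if t1[0] != t2[0] or len(t1[1]) != len(t2[1]):
        return None
    for a, b in zip(t1[1], t2[1]):
        s = mgu(a, b, s)
        if s is None:
            return None
    return s

def mgu_subst(s1, s2):
    """mgu(sigma, theta) of Def. 5.12(3): unify x[s1] with x[s2] for every x
    in dom(s1) ∪ dom(s2), packed under a fresh symbol as in Def. 5.12(2)."""
    xs = sorted(set(s1) | set(s2))
    return mgu(('*', tuple(apply(x, s1) for x in xs)),
               ('*', tuple(apply(x, s2) for x in xs)))

def lifted_init(t1, t2, suffix='_1'):
    """The lifted init rule: rename t1 apart, unify with t2, and return the
    unlifted atoms p(t1)[rho theta] and p(t2)[theta]; None if not unifiable."""
    rho = renaming(t1, suffix)
    th = mgu(apply(t1, rho), t2)
    if th is None:
        return None
    return apply(('p', (t1,)), compose(rho, th)), apply(('p', (t2,)), th)

def shift(ctx, th):
    """Delta theta: compose theta with every substitution in a lifted context."""
    return [(A, compose(s, th)) for A, s in ctx]

def contract_lifted(d1, w1, d2, w2):
    """All (Delta, w, xi) with [d1]_w1 + [d2]_w2 ~> [Delta]_w, xi (Def. 5.17),
    for lifted contexts given as lists of (free subformula, substitution).
    A list is returned because the last two rules of the definition overlap."""
    out = []
    if w1 == 0 and w2 == 0 and not d1 and not d2:
        out.append(([], 0, {}))                      # (00)
    elif w1 == 1 and w2 == 0 and not d1:
        out.append((list(d2), 0, {}))                # (10)
    elif w1 == 0 and w2 == 1 and not d2:
        out.append((list(d1), 0, {}))                # (01)
    elif w1 == 1 and w2 == 1:
        out.append((d1 + d2, 1, {}))                 # (11)
    for i, (A, s1) in enumerate(d1):
        for j, (B, s2) in enumerate(d2):
            if A != B:
                continue
            th = mgu_subst(s1, s2)                   # theta = mgu(sigma1, sigma2)
            if th is None:
                continue
            rest1 = shift(d1[:i] + d1[i + 1:], th)
            rest2 = shift(d2[:j] + d2[j + 1:], th)
            for d, w, xi in contract_lifted(rest1, w1, rest2, w2):
                out.append((d + [(A, compose(compose(s1, th), xi))], w,
                            compose(th, xi)))
    return out

def unlift(ctx):
    """Def. 5.20, pointwise: the ground context of A[sigma] for each A . sigma."""
    return sorted((apply(A, s) for A, s in ctx), key=repr)
```

With $t_1 = f(X)$ and $t_2 = X$, `mgu` alone fails on the occurs check, while `lifted_init` renames $X$ to $X\_1$ on the left and both sides unlift to $p(f(X\_1))$. Contracting $[p(X)\cdot\epsilon]_0$ with $[p(X)\cdot c/X]_0$ yields $[p(X)\cdot c/X]_0$ with $\xi = c/X$, and applying $\xi$ to either input gives the same ground context, as theorem 5.18(1) requires.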


The full set of rules is in figures 5.2, 5.3 and 5.4. The notation $\gamma \cup \gamma'$ is understood as follows:

$$\gamma \cup \gamma' \;=\; \begin{cases} \cdot & \text{if } \gamma = \gamma' = \cdot \\ \gamma & \text{if } \gamma' = \cdot \\ \gamma' & \text{if } \gamma = \cdot \end{cases}$$

In these rules we use $(\Gamma ; [\Delta]_w \longrightarrow \gamma)\theta$ as a shorthand for $\Gamma\theta ; [\Delta\theta]_w \longrightarrow \gamma\theta$. All substitutions are assumed to be idempotent as usual.


In  order  to  show  soundness  of  the  lifted  forward  derivations,  we  have  to  first  produce 
ground  sequents  from  lifted  sequents,  and  then  argue  that  all  ground  sequents  produced 
in  this  fashion  are  derivable  in  the  ground  calculus.  In  other  words,  a  lifted  sequent 
provides  sufficient  evidence  for  all  its  ground  instances. 


Definition 5.19 (Grounding substitution). A substitution $\sigma$ is a grounding substitution for a term (resp. proposition, collection of propositions, and sequent) if for every free term variable $x$ in the term (resp. proposition, collection of propositions, and sequent), the term $x[\sigma]$ contains no term variables.


Definition 5.20 (Unlifting). Given a lifted proposition $A \cdot \sigma$, its unlifted form, written $\lfloor A \cdot \sigma \rfloor$, is $A[\sigma]$. This definition is extended to contexts pointwise, and for lifted sequents as follows

$$\lfloor \Gamma ; [\Delta]_w \longrightarrow \gamma \rfloor \;=\; \lfloor \Gamma \rfloor ; [\lfloor \Delta \rfloor]_w \longrightarrow \lfloor \gamma \rfloor$$

Theorem 5.21 (Soundness of the lifted forward calculus). If $s = \Gamma ; [\Delta]_w \longrightarrow \gamma$ is derivable and $\lambda$ is a grounding substitution for $s$, then $\lfloor \Gamma ; [\Delta]_w \longrightarrow \gamma \rfloor[\lambda]$ is derivable.
[Figure 5.2: Judgemental and multiplicative rules for the lifted forward calculus. The figure lists the judgemental rules init, rename and factor, and the multiplicative rules $\otimes R$, $\otimes L$, $\otimes L'$, $1R$, $1L$, $\multimap R$ and $\multimap R'$. The init, rename and $\otimes R$ rules are as given in the text above.]


Proof. The proof is by induction on the structure of the derivation $\mathcal{F} :: \Gamma ; [\Delta]_w \longrightarrow \gamma$, using theorem 5.18 as needed. In most cases we simply have to note that the mgu is more general than any grounding substitution. The following are a few characteristic cases.

Case $\mathcal{F} = \dfrac{\theta = \mathrm{mgu}(t_1[\rho], t_2)}{\cdot\,;\,[p(t_1) \cdot \rho\theta]_0 \longrightarrow p(t_2) \cdot \theta}\;\text{init}$.

For any substitution $\lambda$, $t_1\rho\theta\lambda = t_2\theta\lambda$ as $\theta$ is an mgu. Clearly, using the "init" rule, $\cdot\,;\,[p(t_1)[\rho\theta\lambda]]_0 \longrightarrow p(t_2)[\theta\lambda]$.

Case $\mathcal{F} = \dfrac{\Gamma ; [\Delta]_w \longrightarrow \gamma}{(\Gamma ; [\Delta]_w \longrightarrow \gamma)\rho}\;\text{rename}$.

If $\lambda$ is a grounding substitution for $(\Gamma ; [\Delta]_w \longrightarrow \gamma)\rho$, then $\rho\lambda$ is a grounding substitution for $\Gamma ; [\Delta]_w \longrightarrow \gamma$. Then, by the i.h., $\lfloor \Gamma ; [\Delta]_w \longrightarrow \gamma \rfloor[\rho\lambda]$.
[Figure 5.3: Additive rules for the lifted forward calculus. The figure lists $\& R$, $\& L_i$, $\oplus R_i$, $\oplus L$ together with its weak variants ($\oplus L'$, $\oplus L''$), $\top R$ and $0L$. The $\& R$ rule is as given in the text above.]


Exponential

$$\frac{\Gamma ; [\cdot]_w \longrightarrow A \cdot \sigma}{\Gamma ; [\cdot]_0 \longrightarrow {!A} \cdot \sigma}\;{!R} \qquad \frac{\Gamma, A \cdot \sigma ; [\Delta]_w \longrightarrow \gamma}{\Gamma ; [\Delta, {!A} \cdot \sigma]_w \longrightarrow \gamma}\;{!L} \qquad \frac{\Gamma ; [\Delta]_0 \longrightarrow \gamma}{\Gamma ; [\Delta, {!A} \cdot \epsilon]_0 \longrightarrow \gamma}\;{!L'}$$

Quantifier

$$\frac{\Gamma ; [\Delta]_w \longrightarrow [a/x]A \cdot (\sigma, b/a)}{\Gamma ; [\Delta]_w \longrightarrow \forall x.\,A \cdot \sigma}\;\forall R^b \qquad\qquad \frac{\Gamma ; [\Delta, A \cdot (\sigma, t/x)]_w \longrightarrow \gamma}{\Gamma ; [\Delta, \forall x.\,A \cdot \sigma]_w \longrightarrow \gamma}\;\forall L$$

$$\frac{\Gamma ; [\Delta]_w \longrightarrow A \cdot (\sigma, t/x)}{\Gamma ; [\Delta]_w \longrightarrow \exists x.\,A \cdot \sigma}\;\exists R \qquad\qquad \frac{\Gamma ; [\Delta, [a/x]A \cdot (\sigma, b/a)]_w \longrightarrow \gamma}{\Gamma ; [\Delta, \exists x.\,A \cdot \sigma]_w \longrightarrow \gamma}\;\exists L^b$$

Figure 5.4: Exponential and quantifier rules for the lifted forward calculus
Case $\mathcal{F} = \dfrac{\Gamma, A \cdot \sigma_1, A \cdot \sigma_2 ; [\Delta]_w \longrightarrow \gamma \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2)}{(\Gamma, A \cdot \sigma_1 ; [\Delta]_w \longrightarrow \gamma)\theta}\;\text{factor}$.

Suppose $\lambda$ is a grounding substitution for $(\Gamma, A \cdot \sigma_1 ; [\Delta]_w \longrightarrow \gamma)\theta$. Then $\theta\lambda$ is a grounding substitution for $\Gamma, A \cdot \sigma_1, A \cdot \sigma_2 ; [\Delta]_w \longrightarrow \gamma$. Using the induction hypothesis, therefore, $\lfloor \Gamma, A \cdot \sigma_1, A \cdot \sigma_2 ; [\Delta]_w \longrightarrow \gamma \rfloor[\theta\lambda]$.

Case $\mathcal{F}$ ends with a logical rule. The arguments for these rules are essentially similar in nature. The following is a characteristic case:

$$\frac{\mathcal{F}_1 :: \Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow A \cdot \sigma_1 \qquad \mathcal{F}_2 :: \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow B \cdot \sigma_2 \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta]_{w_1} + [\Delta_2\theta]_{w_2} \leadsto [\Delta]_w, \xi}{\Gamma_1\theta\xi, \Gamma_2\theta\xi ; [\Delta]_w \longrightarrow A \& B \cdot \sigma_1\theta\xi}\;\& R$$

Suppose $\lambda$ is a grounding substitution for $\Gamma_1\theta\xi, \Gamma_2\theta\xi ; [\Delta]_w \longrightarrow A \& B \cdot \sigma_1\theta\xi$. Then $\theta\xi\lambda$ is a grounding substitution for both $\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow A \cdot \sigma_1$ and $\Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow B \cdot \sigma_2$ because $\theta$ is a unifier. Then we note that $[\lfloor \Delta_1 \rfloor \theta\xi\lambda]_{w_1} + [\lfloor \Delta_2 \rfloor \theta\xi\lambda]_{w_2} \leadsto [\lfloor \Delta \rfloor \lambda]_w$ by definition 5.5, and then use $\& R$. □

For  the  completeness  theorem,  the  lifted  calculus  will  produce  sequents  whose  unlifted 
form  may  be  more  general  than  that  produced  in  the  ground  calculus.  This  sort  of  proof 
is  usually  called  a  lifting  theorem  in  the  literature. 

Definition 5.22. Given a context $\Gamma = A_1, \ldots, A_n$ and a sequence of substitutions $\sigma = \sigma_1, \ldots, \sigma_n$, write $\Gamma[\sigma]$ for the context $A_1[\sigma_1], \ldots, A_n[\sigma_n]$, and $\Gamma \cdot \sigma$ for the lifted context $A_1 \cdot \sigma_1, \ldots, A_n \cdot \sigma_n$.

Theorem 5.23 (Completeness). Suppose $\Gamma[\sigma] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi]$ is derivable, where each $A \in \Gamma \cup \Delta \cup \gamma$ is a free subformula of the goal sequent. Then there exist substitutions $\sigma', \tau', \xi', \lambda$ such that

1. $\Gamma \cdot \sigma' ; [\Delta \cdot \tau']_w \longrightarrow \gamma \cdot \xi'$, and

2. $\sigma'\lambda = \sigma$, $\tau'\lambda = \tau$ and $\xi'\lambda = \xi$.

Proof. Induction on the structure of $\mathcal{F} :: \Gamma[\sigma] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi]$. The essential structure of this proof is fairly standard in the literature; see, for example, [35]. The following are a few representative cases.
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Case  T  = 


sM  =  tU] 


init. 


• ;  [pm  T]]o  — >  p(3K] 

Let  p  be  a  renaming  substitution  and  write  0  =  mgu(sfp],  f),  which  exists  because 

pT  i±J  £  is  a  unifier  for  s  and  t.  By  "init",  therefore,  • ;  [p(s)  ■  pG] o  — »  p(t)  ■  6.  In  this 

case  A  exists  by  the  definition  of  mgu  such  that  9 A  =  pz  i±J  £. 


Case $\mathcal{F} =$
$$
\dfrac{\Gamma[\sigma] ; [\Delta[\tau], A[\sigma_A]]_w \longrightarrow \gamma[\xi]}{\Gamma[\sigma], A[\sigma_A] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi]}\ \text{copy}
$$

By the induction hypothesis on the premiss, we pick $\sigma'$, $\sigma'_A$, $\tau'$, $\xi'$ and $\lambda$ which satisfy (1) and (2).
$$
\dfrac{\Gamma \cdot \sigma' ; [\Delta \cdot \tau', A \cdot \sigma'_A]_w \longrightarrow \gamma \cdot \xi' \quad (\text{i.h.})}{\Gamma \cdot \sigma', A \cdot \sigma'_A ; [\Delta \cdot \tau']_w \longrightarrow \gamma \cdot \xi'}\ \text{"copy"}
$$


Case $\mathcal{F} =$
$$
\dfrac{\Gamma[\sigma], A[\sigma], A'[\sigma'] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi] \qquad (A[\sigma] = A'[\sigma'])}{\Gamma[\sigma], A[\sigma] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi]}\ \text{factor}
$$

Because $A[\sigma] = A'[\sigma']$, we can choose to view the above rule application as:
$$
\dfrac{\Gamma[\sigma], A[\sigma], A[\sigma] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi]}{\Gamma[\sigma], A[\sigma] ; [\Delta[\tau]]_w \longrightarrow \gamma[\xi]}\ \text{factor}
$$

By the induction hypothesis on the premiss, we pick $\sigma'$, $\sigma_{A_1}$, $\sigma_{A_2}$, $\tau'$, $\xi'$ and $\lambda$ which satisfy (1) and (2). In particular, $\sigma_{A_1}\lambda = \sigma_{A_2}\lambda = \sigma$. Let $\theta = \mathrm{mgu}(\sigma_{A_1}, \sigma_{A_2})$; then
$$
\dfrac{\Gamma \cdot \sigma', A \cdot \sigma_{A_1}, A \cdot \sigma_{A_2} ; [\Delta \cdot \tau']_w \longrightarrow \gamma \cdot \xi' \quad (\text{i.h.})}{\Gamma \cdot \sigma'\theta, A \cdot \sigma_{A_1}\theta ; [\Delta \cdot \tau'\theta]_w \longrightarrow \gamma \cdot \xi'\theta}\ \text{"factor"}
$$

Because $\lambda$ is also a unifier of $\sigma_{A_1}$ and $\sigma_{A_2}$, there exists a unique $\rho$ such that $\lambda = \theta\rho$. This $\rho$ obviously satisfies condition (2).

Case $\mathcal{F}$ ends in a multiplicative rule. Consider, for example,
$$
\dfrac{\mathcal{F}_1 :: \Gamma_1[\sigma_1] ; [\Delta_1[\tau_1]]_{w_1} \longrightarrow A[\xi|_{\mathrm{vars}(A)}] \qquad \mathcal{F}_2 :: \Gamma_2[\sigma_2] ; [\Delta_2[\tau_2]]_{w_2} \longrightarrow B[\xi|_{\mathrm{vars}(B)}]}{\Gamma_1[\sigma_1], \Gamma_2[\sigma_2] ; [\Delta_1[\tau_1], \Delta_2[\tau_2]]_{w_1 \vee w_2} \longrightarrow A \otimes B[\xi]}\ \otimes R
$$

By the induction hypothesis on the premisses $\mathcal{F}_1$ and $\mathcal{F}_2$, we pick the substitutions $\sigma'_1$, $\sigma'_2$, $\tau'_1$, $\tau'_2$, $\xi_A$, $\xi_B$, $\lambda_1$ and $\lambda_2$ such that
$$
\begin{array}{ll}
\Gamma_1 \cdot \sigma'_1 ; [\Delta_1 \cdot \tau'_1]_{w_1} \longrightarrow A \cdot \xi_A & \sigma'_1\lambda_1 = \sigma_1,\ \tau'_1\lambda_1 = \tau_1,\ \text{and}\ \xi_A\lambda_1 = \xi|_{\mathrm{vars}(A)} \\[2pt]
\Gamma_2 \cdot \sigma'_2 ; [\Delta_2 \cdot \tau'_2]_{w_2} \longrightarrow B \cdot \xi_B & \sigma'_2\lambda_2 = \sigma_2,\ \tau'_2\lambda_2 = \tau_2,\ \text{and}\ \xi_B\lambda_2 = \xi|_{\mathrm{vars}(B)}
\end{array}
$$

Using "rename", we can guarantee that $\mathrm{dom}(\lambda_1) \cap \mathrm{dom}(\lambda_2) = \emptyset$. Let $\theta = \mathrm{mgu}(\xi_A, \xi_B)$. Then,
$$
\Gamma_1 \cdot \sigma'_1\theta, \Gamma_2 \cdot \sigma'_2\theta ; [\Delta_1 \cdot \tau'_1\theta, \Delta_2 \cdot \tau'_2\theta]_{w_1 \vee w_2} \longrightarrow A \otimes B \cdot \xi_A\theta \qquad \otimes R
$$

Now, $\lambda = \lambda_1 \uplus \lambda_2$ is also a unifier of $\xi_A$ and $\xi_B$, so there is a unique $\rho$ such that $\lambda = \theta\rho$, and $\xi_A\theta\rho = \xi_A\lambda = \xi_B\lambda = \xi_B\theta\rho$. Thus, this $\rho$ satisfies condition (2), for:
$$
\Gamma_1 \cdot \sigma'_1\theta\rho = \Gamma_1 \cdot \sigma'_1\lambda = \Gamma_1 \cdot \sigma'_1\lambda_1 = \Gamma_1 \cdot \sigma_1 \qquad (\text{i.h. on } \mathcal{F}_1)
$$
and so on, using the i.h. on $\mathcal{F}_2$ for the components coming from the second premiss.

The additive and exponential cases follow similarly. $\square$


5.4  Labelling  and  sequent  representation 

By  the  completeness  theorem,  we  see  that  the  lifted  forward  calculus  produces  sequents 
that  are  more  general  than  their  corresponding  sequents  in  the  ground  forward  calculus. 
Therefore,  if  the  ground  forward  calculus  produces  a  derivation  that  subsumes  the  given 
goal  sequent,  so  will  the  lifted  forward  calculus.  What  remains  is  to  detail  the  algorithm 
that  computes  the  initial  sequents  and  rule  applications  based  on  a  given  goal  sequent. 

Recall that we are working with a rectified goal sequent $\Gamma_0 ; \Delta_0 \Longrightarrow C_0$ where the positive $\forall$ and negative $\exists$ bind parameters instead of term variables. For labelling purposes, we simply assign a label to every free subformula of the goal sequent, and for its arguments give it the list of bound parameters or term variables that the subformula was in the scope of. To illustrate, suppose we are labelling the positive proposition $\forall a.\, \exists x.\, (\forall y.\, p(f(a), g(y)) \otimes r) \multimap q(a, x)$. The following is a possible assignment of labels to the subformulas.
$$
\begin{array}{ll}
l_0 & \doteq \forall a.\, \exists x.\, (\forall y.\, p(f(a), g(y)) \otimes r) \multimap q(a, x) \\
l_1(a) & \doteq \exists x.\, (\forall y.\, p(f(a), g(y)) \otimes r) \multimap q(a, x) \\
l_2(a, x) & \doteq (\forall y.\, p(f(a), g(y)) \otimes r) \multimap q(a, x) \\
l_3(a, x) & \doteq \forall y.\, p(f(a), g(y)) \otimes r \\
l_4(a, x, y) & \doteq p(f(a), g(y)) \otimes r
\end{array}
$$

As usual, we do not label the atomic subformulas. This labelling obviously induces equations among the subformulas; for instance, the above labelling gives:
$$
l_0 = \forall a.\, l_1(a) \qquad l_1(a) = \exists x.\, l_2(a, x) \qquad l_2(a, x) = l_3(a, x) \multimap q(a, x) \qquad l_3(a, x) = \forall y.\, l_4(a, x, y)
$$

We treat the above induced equations as the definitions of new predicate symbols. For example, we view the above equation for $l_3$ as $l_3(a, t) = \forall y.\, l_4(a, t, y)$ for every parameter $a$ and term $t$.
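As an added illustration of the labelling scheme just described (this is not code from the thesis or its prover), the following Python walks a formula given as nested tuples, gives every non-atomic subformula a fresh label whose arguments are exactly the parameters and variables it is in the scope of, leaves atoms unlabelled, and returns the induced definitions. The tuple encoding, the `label` function and the ASCII spellings `-o`, `(x)`, `(+)` for the connectives are assumptions of this example, not notation from the thesis.

```python
"""Labelling the free subformulas of a (rectified) goal formula, as in sec. 5.4.

Added example, not the thesis's own code.  Formulas are nested tuples:
  ('atom', name, args)          atomic proposition, args a tuple of terms
  ('forall' | 'exists', v, A)   quantifier binding the parameter/variable v
  ('lolli' | 'tensor' | 'oplus' | 'with', A, B)
A term is a str (variable or parameter) or a tuple (symbol, arg1, ...).
Connectives are spelt in ASCII; that spelling is an assumption of this example."""

SYMBOL = {'lolli': '-o', 'tensor': '(x)', 'oplus': '(+)', 'with': '&'}


def show_term(t):
    """Render a term as text: 'a', 'f(a)', 'p(f(a), g(y))'."""
    if isinstance(t, str):
        return t
    if len(t) == 1:
        return t[0]
    return t[0] + '(' + ', '.join(show_term(a) for a in t[1:]) + ')'


def label(formula):
    """Label every non-atomic subformula in preorder and return the induced
    definitions as (label_with_args, right_hand_side) pairs.

    A label takes as arguments exactly the variables and parameters its
    subformula is in the scope of, so each definition l(s) = ... can be read as
    a new predicate definition, valid for every instantiation of s."""
    defs = []
    count = 0

    def go(f, scope):
        nonlocal count
        if f[0] == 'atom':
            return show_term((f[1],) + tuple(f[2]))   # atoms are not labelled
        head = f"l{count}" + (f"({', '.join(scope)})" if scope else '')
        count += 1
        slot = len(defs)            # reserve this label's slot so that the
        defs.append(None)           # definitions come out in label order
        if f[0] in ('forall', 'exists'):
            rhs = f"{f[0]} {f[1]}. {go(f[2], scope + [f[1]])}"
        else:
            rhs = f"{go(f[1], scope)} {SYMBOL[f[0]]} {go(f[2], scope)}"
        defs[slot] = (head, rhs)
        return head

    go(formula, [])
    return defs


# The proposition labelled in the text:
#   forall a. exists x. (forall y. p(f(a), g(y)) (x) r) -o q(a, x)
GOAL = ('forall', 'a',
        ('exists', 'x',
         ('lolli',
          ('forall', 'y', ('tensor', ('atom', 'p', (('f', 'a'), ('g', 'y'))),
                                     ('atom', 'r', ()))),
          ('atom', 'q', ('a', 'x')))))

if __name__ == '__main__':
    for head, rhs in label(GOAL):
        print(f"{head} = {rhs}")
```

Running it on `GOAL` reproduces the five labels of the text, $l_0$ through $l_4(a, x, y)$, together with the induced equations; the equation for $l_4$, which the text leaves implicit, comes out as well because its right-hand side is a compound proposition.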

For every one of these induced predicate definitions, we construct a new specialised logical rule. For instance, if we have a definition of a positive label $l(s) = l_1(s) \otimes l_2(s)$, then the specialised rule is:
$$
\dfrac{\Gamma_1 ; [\Delta_1]_{w_1} \longrightarrow l_1(s) \cdot \sigma_1 \qquad \Gamma_2 ; [\Delta_2]_{w_2} \longrightarrow l_2(s) \cdot \sigma_2 \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2)}{(\Gamma_1, \Gamma_2 ; [\Delta_1, \Delta_2]_{w_1 \vee w_2} \longrightarrow l(s) \cdot \sigma_1)\,\theta}\ \otimes R
$$

In the case of quantifiers, we simply perform the relevant eigenvariable check when needed. For instance, if $l(x, a, y) = \forall b.\, l'(x, a, y, b)$, then the specialised rule is
$$
\dfrac{\Gamma ; [\Delta]_w \longrightarrow l'(x, a, y, b) \cdot (\sigma, c/b) \qquad c \text{ an eigenvariable}}{\Gamma ; [\Delta]_w \longrightarrow l(x, a, y) \cdot \sigma}\ \forall R
$$

As  before,  during  proof  search  we  limit  the  applicable  logical  rules  to  these  specialised 
rules.  The  judgemental  rules,  of  course,  continue  to  be  generic  in  nature,  as  they  can  apply 
to  all  (relevant)  labels. 

To  compute  the  initial  sequents,  we  consider  all  positive  and  negative  free  atomic 
predicates,  each  renamed  to  fresh  variables,  and  look  for  pairs  of  negative  and  positive 
atomic  predicates  that  unify.  For  each  pair  we  produce  a  new  initial  sequent  according  to 
the  "init"  rule,  and  consider  it  for  inclusion  in  the  kept  sequents  database. 

As before with the propositional inverse method, we add a special provision for linear hypotheses that appear more than once. Thus, for each substitution, we also store the multiplicity of that substitution in the sequent; that is, the components of the labelled sequents are of the form $l(s) \cdot \sigma^k$ where $l(s)$ is a free subformula of the goal sequent and $k$ is the multiplicity of the substitution $\sigma$. Note that the multiplicity only applies to identical substitutions, not unifiable ones. This is necessary for completeness because, even though the linear context may have two different unifiable propositions, the result of "factoring" them into a common substitution of the requisite multiplicity will produce a sequent that does not subsume the original sequent. Indeed, such a unification may induce spurious equalities in unrelated portions of the sequent. Lifted additive contraction must be extended to handle these multiplicities.

Definition 5.24 (Lifted additive contraction with multiplicities). The lifted additive contraction judgement, written $[\Delta_1]_{w_1} + [\Delta_2]_{w_2} \leadsto [\Delta]_w \cdot \xi$, takes as input the weak-flagged $[\Delta_1]_{w_1}$ and $[\Delta_2]_{w_2}$ and produces a contracted context $[\Delta]_w$ and its corresponding substitution $\xi$. The rules for this judgement are as follows.
$$
[\cdot]_0 + [\cdot]_0 \leadsto [\cdot]_0 \cdot \epsilon \qquad
[\cdot]_1 + [\Delta]_0 \leadsto [\Delta]_0 \cdot \epsilon \qquad
[\Delta]_0 + [\cdot]_1 \leadsto [\Delta]_0 \cdot \epsilon \qquad
[\Delta_1]_1 + [\Delta_2]_1 \leadsto [\Delta_1, \Delta_2]_1 \cdot \epsilon
$$
$$
\dfrac{k = \min(m, n) \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Delta_1\theta, A \cdot (\sigma_1\theta)^{m-k}]_{w_1} + [\Delta_2\theta, A \cdot (\sigma_2\theta)^{n-k}]_{w_2} \leadsto [\Delta]_w \cdot \xi}{[\Delta_1, A \cdot \sigma_1^m]_{w_1} + [\Delta_2, A \cdot \sigma_2^n]_{w_2} \leadsto [\Delta, A \cdot (\sigma_1\theta)^k]_w \cdot \theta\xi}
$$

Here, $\Delta, A \cdot \sigma^0$ is understood as $\Delta$.

In the last rule, we contract as many of the propositions as possible. Note that either $m - k$ or $n - k$ in the premiss will be $0$. It is easy to see that in the propositional case, i.e., where all substitutions are $\epsilon$, the above definition amounts to computing $\Delta \cup \Delta'$ where the multiplicity of any resource is the maximum of its multiplicity in either input context. However, as before, the rules in the first-order case are non-deterministic, as the rules overlap, and the contraction rule further non-deterministically selects the propositions for contraction.

The  implementation  of  this  calculus  of  course  performs  contractions  eagerly.  That  is, 
after  every  rule  application  we  calculate  the  possible  contractions  in  the  conclusion  of 
the  rule.  This  allows  us  to  limit  the  contractions  to  binary  rules  and  consider  only  the 
contractions  between  propositions  that  originate  in  different  premisses.  This  is  complete 
because  if  two  hypotheses  were  to  be  contractible  in  the  same  premiss,  then  we  would 
already  have  generated  the  sequent  corresponding  to  that  contraction  earlier. 
The special case of contracting two weak contexts, i.e., $[\Delta]_1 + [\Delta']_1$, can be greatly improved by first eagerly contracting propositions that have an invertible unifier. This is complete because a weak $\Delta, A \cdot \sigma, A \cdot \sigma\rho$ is a weakening of $\Delta, A \cdot \sigma$.
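The following Python, added here as an illustration and not taken from the thesis or its prover, implements the judgement of defn. 5.24 over first-order terms together with the most general unifier its side condition needs, and enumerates every contraction the rules allow, so that the overlap of the rules and the choice of which propositions to contract show up as several results for the same inputs. The term encoding (a variable is a string, an application a tuple), the representation of a component $l(s) \cdot \sigma^k$ as a triple, and the `contract` interface are assumptions of this example.

```python
"""Lifted additive contraction with multiplicities (defn. 5.24) over first-order
terms.  Added example, not code from the thesis or its prover.

Terms: a variable is a str, an application is a tuple (symbol, arg1, ...).
A component l(s) . sigma^k is the triple (label, args, k), where args is the
tuple of terms that sigma assigns to the label's parameters; a context is a
tuple of such triples and carries a weak flag w in {0, 1}."""


def apply(s, t):
    """Apply the (triangular) substitution s to term t, following binding chains."""
    if isinstance(t, str):
        return apply(s, s[t]) if t in s else t
    return (t[0],) + tuple(apply(s, a) for a in t[1:])


def occurs(v, t, s):
    t = apply(s, t)
    return t == v if isinstance(t, str) else any(occurs(v, a, s) for a in t[1:])


def unify(t1, t2, s):
    """Extend s to a most general unifier of t1 and t2 (with occurs check), or None."""
    t1, t2 = apply(s, t1), apply(s, t2)
    if t1 == t2:
        return s
    if isinstance(t1, str):
        return None if occurs(t1, t2, s) else {**s, t1: t2}
    if isinstance(t2, str):
        return unify(t2, t1, s)
    if t1[0] != t2[0] or len(t1) != len(t2):
        return None
    for a, b in zip(t1[1:], t2[1:]):
        s = unify(a, b, s)
        if s is None:
            return None
    return s


def mgu(args1, args2, s):
    """theta = mgu(sigma1, sigma2): unify the argument tuples of two copies of a label."""
    return unify(('_',) + tuple(args1), ('_',) + tuple(args2), s)


def canon(delta, s):
    """Resolve all arguments under s and merge identical components, so that
    results reached along different rule orders compare equal."""
    acc = {}
    for lab, args, k in delta:
        key = (lab, tuple(apply(s, a) for a in args))
        acc[key] = acc.get(key, 0) + k
    return tuple(sorted(((lab, args, k) for (lab, args), k in acc.items()), key=repr))


def contract(d1, w1, d2, w2, s=None):
    """All (Delta, w, xi) with [d1]_w1 + [d2]_w2 ~> [Delta]_w . xi.

    Every rule of defn. 5.24 that applies is tried, so the list has one entry
    per distinct outcome; an empty list means the contexts cannot be made to
    agree, e.g. two non-weak contexts whose substitutions do not unify."""
    s = {} if s is None else s
    found = set()

    def add(delta, w, xi):
        xi = {v: apply(xi, v) for v in xi}
        found.add((canon(delta, xi), w, tuple(sorted(xi.items(), key=repr))))

    # Axioms: two weak contexts may always be juxtaposed; an exhausted weak
    # context vanishes against a non-weak one; two exhausted non-weak contexts
    # give the empty non-weak context.  A non-weak context with components left
    # over matches nothing, which is why the contraction rule is needed.
    if w1 and w2:
        add(d1 + d2, 1, s)
    elif not d1 and (w1 or not d2):
        add(d2, 0, s)
    elif not d2 and w2:
        add(d1, 0, s)
    # Contraction rule: pick A.sigma1^m from d1 and A.sigma2^n from d2 with the
    # same label, unify the substitutions, contract k = min(m, n) copies and
    # recurse on the leftovers (one of m-k, n-k is 0 and is simply dropped).
    for i, (a, s1, m) in enumerate(d1):
        for j, (b, s2, n) in enumerate(d2):
            if a != b:
                continue
            theta = mgu(s1, s2, s)
            if theta is None:
                continue
            k = min(m, n)
            rest1 = d1[:i] + d1[i + 1:] + (((a, s1, m - k),) if m > k else ())
            rest2 = d2[:j] + d2[j + 1:] + (((b, s2, n - k),) if n > k else ())
            for delta, w, xi in contract(rest1, w1, rest2, w2, theta):
                add(delta + ((a, s1, k),), w, xi)
    return [(delta, w, dict(xi)) for delta, w, xi in sorted(found, key=repr)]


if __name__ == '__main__':
    a, b = ('a',), ('b',)
    # [l(X), l(Y)]_0 + [l(a), l(b)]_0 has two contractions, one per matching of X, Y to a, b.
    for delta, w, xi in contract((('l', ('X',), 1), ('l', ('Y',), 1)), 0,
                                 (('l', (a,), 1), ('l', (b,), 1)), 0):
        print(delta, w, xi)
```

Two behaviours of the definition are worth checking against this code. First, $[l \cdot (X)^2]_0 + [l \cdot (a)^1, l \cdot (b)^1]_0$ has no contraction at all: the multiplicity $2$ stands for two identical copies, and no single instantiation of $X$ makes them match both $a$ and $b$, which is exactly why multiplicities are kept only for identical substitutions. Second, for two weak contexts the juxtaposition rule and the contraction rule both apply, so $[p^2]_1 + [p^1]_1$ yields both $[p^3]_1$ and $[p^2]_1$; the former is subsumed later, as the text observes for the propositional case.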

5.5  Subsumption  and  indexing 

Next  we  consider  two  of  the  most  important  issues  in  the  first-order  case.  The  first, 
subsumption,  now  has  to  admit  instantiation  in  addition  to  weakening. 

Definition 5.25 (Lifted subsumption). The free subsumption relation $\le$ between lifted forward sequents is the smallest relation satisfying
$$
(\Gamma ; [\Delta]_0 \longrightarrow C \cdot \sigma) \le (\Gamma' ; [\Delta']_0 \longrightarrow C \cdot \sigma')
$$


As mentioned before, the full subsumption test is too expensive to run every time, so in an implementation we optimise for early failure using a sequence of hierarchical tests [111].

Definition 5.26. The size of the context $\Gamma = A_1 \cdot \sigma_1^{k_1}, \ldots, A_n \cdot \sigma_n^{k_n}$, written $\#\Gamma$, is $\sum_i k_i$.

Definition 5.27 (Hierarchical tests). A sequent $s = \Gamma ; [\Delta]_w \longrightarrow \gamma$ does not subsume another sequent $s' = \Gamma' ; [\Delta']_{w'} \longrightarrow \gamma'$, written $s \not\preceq s'$, if:

1. $w = 0$ and $w' = 1$; or

2. $\#\Delta > \#\Delta'$, or $\#\Gamma > \#\Gamma'$; or

3. some free subformula $A$ occurs with multiplicities $j_1, \ldots, j_m$ (for its various substitutions) in $\Delta$ and with multiplicities $k_1, \ldots, k_n$ in $\Delta'$ and $\sum_i j_i > \sum_i k_i$; or similarly for $\Gamma$ and $\Gamma'$; or

4. there is no $\theta$ such that $\gamma\theta = \gamma'$; or

5. for some $A \cdot \sigma^m \in \Gamma$ there is no $A \cdot \tau^n \in \Gamma'$ for which $A[\sigma\theta] = A[\tau]$ for some $\theta$; or similarly for $\Delta$ and $\Delta'$; or

6. $s \not\le s'$ according to the full test of defn. 5.25.

The following property is rather easy to see. It is the contrapositive of the statement we are interested in, which is that the hierarchical tests must fail if the subsumption has to succeed.

Theorem 5.28 (Soundness of the hierarchical tests). If $s \not\preceq s'$, then $s \not\le s'$.

Proof. Tests 1–3 in defn. 5.27 look at the propositional structure of the contexts; tests 4 and 5 are both negations of conditions that are required in defn. 5.25; and test 6 is, of course, exactly the negation of the definition of lifted subsumption. $\square$


Tammet gives examples of other possible tests in [111], particularly tests that consider the depth of terms and statistics such as the number of constants, but we have found them to be unnecessary in the linear case. The main reason is that linearity considerations (step 2 in defn. 5.27) already account for the overwhelming majority of failed subsumptions. In our experience with many example problems (see chapter 7), it is extraordinarily rare to have situations where the propositional structure would allow for subsumption, but subsumption actually fails because of first-order considerations.¹ (It is of course possible to construct problems where this would be the case.)


Next, the issue of indexing into the sequent database. In the search loop, we often have to ask if a new sequent being considered for insertion into the kept sequents database has been generated before (forward subsumption). This question is easy in the propositional case because there is no unification to worry about, but in the first-order case we have to of course allow for unification. Thus we have to construct the database in such a fashion that we can efficiently ask for more general forms of a given sequent.

For our implementation of the database, we use a global forest of substitution trees [46, 99]. Substitution trees are what is known as a perfect filter: the results of querying a substitution tree give exactly the answers that satisfy the query. This differs from imperfect filters such as discrimination trees [30, 29, 74] or d-trees [46] where there may be extra
results  that  are  not  relevant  to  the  query.  The  reason  for  the  imperfection  in  these  filters 
is  that  the  index  forgets  important  details  of  the  term  structure,  specifically  the  identity 
of  the  variables,  and  stores  merely  the  fact  that  a  variable  exists  in  a  given  position  in  a 
term.  Substitution  trees,  on  the  other  hand,  store  the  full  term  as  part  of  the  index,  but  use 
substitutions  to  allow  for  sophisticated  non-local  sharing  of  subterm  structure.  The  price 
of  maintaining  full  term  information  is  not  as  high  in  practice  because  substitution  trees 
are  shallower  than  discrimination  trees. 

¹Note, however, that a more elaborate sequence of hierarchical tests might conceivably give better performance.
Each sequent that has to be inserted into the kept sequents database is indexed into
the  substitution  tree  corresponding  to  the  label  of  the  principal  formula.  The  index 
for  this  sequent  is  the  corresponding  substitution  of  the  principal  formula.  The  values 
corresponding  to  these  indexes  are  the  sequents  themselves,  which  thus  form  the  leaves 
of  the  substitution  trees  in  the  database. 

To  check  if  a  given  sequent  is  subsumed,  we  look  up  every  formula  in  the  sequent  in 
the  particular  tree  in  this  forest  of  substitution  trees  that  corresponds  to  the  label  of  the 
formula.  The  particular  query  we  make  is:  "is  the  given  formula  an  instance  of  a  formula 
already stored in the substitution tree?" This is the same as the "instance" query in Graf's
description of the substitution tree indexing algorithm [46]. The result of the query is a
collection  of  subsumption  candidates.  For  each  candidate,  we  check  if  the  given  sequent 
is  subsumed  using  the  hierarchical  tests  above. 

In the implementation, the subsumption tests are performed iteratively while searching for the subsumption candidates. The order in which these candidates are produced can thus play a crucial role in the efficiency of lookup. Thus we have a range of heuristics to consider when inserting sequents into the database. For instance, our approach of indexing a sequent by the principal formula might not always be the most efficient approach, as that principal formula might be rarely present in future sequents. Tammet has proposed in [111] to index by the pair of the principal formula and the "heaviest literal" in the sequent, where the weight of a literal is defined using various factors of its term structure. He presents evidence that this gives a solid benefit to lookup for forward subsumption in the domain of classical hyperresolution. However, his design uses discrimination trees, and it is unclear what the import of his observation is to the linear inverse method.


5.6  Search  procedure 

The key element in the search procedure is the application of a rule to a given input sequent. We extend the approach in the propositional case in section 4.1.5 by treating all rules as essentially unary rules that produce either a conclusion sequent or a partially instantiated rule. In the first-order case the memoisation of partially applied rules pays off well in preventing repetitions of already successful matches made earlier. The price of course is a dynamically growing collection of (partially applied) rules in the rule database, but in practice this price is not too high as there are far fewer rules generated than new sequents. This implementation also has the added benefit of being easily extended to the multi-premiss derived rules produced by focusing in chapter 6.


Rule application performs factoring eagerly whenever a new conclusion is derived. In our implementation, we do not in fact have a separate "factor" rule, but rather perform a sequence of factor steps whenever both premisses of a binary rule are matched. As mentioned earlier in sec. 5.4, we do not need to consider factoring two propositions that originate in the same premiss; thus we simply need to consider the additive contraction of the two input unrestricted zones. To illustrate, the binary $\otimes R$ rule is rewritten to:
$$
\dfrac{\Gamma ; [\Delta]_w \longrightarrow A \cdot \sigma_1 \qquad \Gamma' ; [\Delta']_{w'} \longrightarrow B \cdot \sigma_2 \qquad \theta = \mathrm{mgu}(\sigma_1, \sigma_2) \qquad [\Gamma\theta]_1 + [\Gamma'\theta]_1 \leadsto [\Gamma'']_1 \cdot \xi}{\Gamma'' ; [\Delta\theta\xi, \Delta'\theta\xi]_{w \vee w'} \longrightarrow A \otimes B \cdot \sigma_1\theta\xi}\ \otimes R
$$

Note that because the $\leadsto$ relation is non-deterministic, this rule has several possible conclusions from the same two premisses. All conclusions have to be produced in an implementation. Every produced conclusion will be a consequence of a sequence of "factor" steps from the unfactored sequent (which will also be produced).


As before, our search procedure maintains two databases of sequents as mentioned in defn. 4.17. The inner loop of the search procedure performs the following lazy activation step until either the goal sequent is subsumed (in which case the search is successful), or no further rules are applicable to the active sequents, in which case the search saturates. Activation contains a closely related procedure called percolation that details the situation where a rule application produced new partially applied rules.


Definition 5.29 (Lazy activation). To activate the sequent $s$, i.e., to transfer it from the kept sequents database to the active sequents database, the following steps are performed:

1. The sequent is renamed and inserted into the active sequents database.

2. All available rules are applied to $s$. If these applications produced new rules $R$, then percolation (defn. 5.30) is performed on $R$ to obtain the full collection of new partially instantiated rules.

3. The new rules are added to the rule database.

4. All sequents generated during the above rule applications and percolation, together with all their factors, are tested for subsumption in the global index (forward subsumption). All unsubsumed sequents are added to the kept sequents database.

Definition 5.30 (Percolation). To percolate a collection of rules $R$, the following two steps are performed until there are no new additions to $R$:

1. For every sequent in the active set, every rule in $R$ is applied to it, and

2. Any new rules generated are added to $R$.

A sequent is added to the kept database if it is not globally subsumed by some sequent derived earlier. In fact, if it is subsumed, then none of its factors need to be computed, as they are merely consequents of a sequent that will not contribute to any further facts. We use the following heuristic for the order of insertion of factors of a given sequent: if $s$ is the result of a sequence of factoring steps from $s'$, then $s$ is checked for subsumption before $s'$.


5.7  Historical  review 


The idea of lifting ground derivations to derivations with free variables can be traced back to Robinson's original work on resolution [102]. It is a very general idea that has now become a standard automated reasoning approach; see, for example, its use in logic programming [115]. Ignoring the resource management aspects of this chapter, the essential technical details of lifting a ground forward sequent calculus can be found in the Handbook article on the inverse method [35], which also gives a broader historical perspective.

To the best of our knowledge there has never been (aside from the present work) a consideration of the resource management issues with forward reasoning in first-order linear logic. The problem of automated reasoning for the logic of bunched implications (BI logic) [89] has been attempted by Mery [75] and Donnelly et al. [36]. BI logic has many similarities to linear logic, including a common core, but the theorem proving problem is nonetheless harder for BI logic because of its prominent structural rules. Mery's prover uses labelled tableaux in a goal directed fashion, which naturally makes his setting considerably different from forward reasoning. Donnelly et al. use the inverse method, but the essential difficulty in their design concerns a particular interaction between weakening and contraction that is germane to bunched implication, but foreign to linear logic. Perhaps because of the difficulty of the problem, their work is in a preliminary form that does not incorporate subsumption or indexing.


Chapter summary. In this chapter the fragment from chapter 4 is extended with the first-order quantifiers. The presence of quantifiers complicates the treatment of additive rules, for which we now need sophisticated context comparison processes. This chapter also discusses the updates needed to the inverse method procedure of chapter 4 to handle quantifiers.
Chapter 6

Focused  derivations 


The  calculi  seen  so  far  are  small  step  calculi:  each  logical  rule  applies  to  a  single  logical 
connective.  Of  course  one  can  attempt  to  use  such  small  step  calculi  for  proof  search, 
but  in  the  forward  direction  this  quickly  becomes  infeasible.  The  governing  engineering 
problem  in  the  forward  direction  is  that  of  managing  the  size  of  the  database  of  generated 
sequents.  The  natural  question  to  ask  then  is  if  it  is  possible  to  reason  in  larger  steps. 
Versions  of  this  question  have  been  considered  in  numerous  areas  of  automated  reasoning. 
In the domain of logic programming, for example, there is the notion of Hereditary Harrop formulas [80] and its generalisation to uniform proof [79] that describes how to treat compound implications as "procedures" in a programming interpretation. Another famous example is hyperresolution [103] in the domain of automated theorem proving for classical logic, where the input theory is "cooked" into a clausal form that allows large inferences. Both uniform proofs and hyperresolution are logically motivated foundational approaches, and are therefore fairly generalizable to a wide class of logics.

There  have  also  been  investigations  into  more  operational  methods  of  making  large 
inferences.  One  can,  for  example,  apply  chains  of  unary  rules  eagerly  (in  the  forward 
direction).  Or  one  can  examine  the  theory  and  attempt  to  extract  some  extra-logical 
heuristics  for  applying  rules  that  will  amount  to  making  large  inferences.  Such  approaches 
are  not  without  merit;  however,  because  these  methods  are  not  logically  motivated,  they 
tend  to  be  hard  to  generalize  and  do  not  constitute  fundamental  improvements  to  search. 
In  this  chapter  we  examine  the  notion  of  focused  derivations  that  is  a  logically  motivated 
approach that applies to essentially every non-classical logic. In fact, focusing can be seen as a generalization of both uniform proof search and hyperresolution (see the discussion in sec. 6.4).


This chapter is organised as follows. We start in sec. 6.1 with a formal reconstruction of the focusing (backward) calculus. This calculus will be shown to be complete with respect to the non-focusing calculus by means of a novel cut-elimination proof (thm. 6.7). In sec. 6.2.2 we will then present the forward version of this focusing calculus and sketch the soundness and completeness proofs. In sec. 6.4 we will look at a number of translations of other logics into linear logic and show that on selected fragments the focusing calculus naturally models strategies such as hyperresolution and SLD resolution. In sec. 6.3.1 we will examine the issues with implementing a focusing inverse method prover; the key contribution here will be the construction of derived inference rules in the style of curried functions, together with their use in the lazy activation OTTER loop described in the previous chapter (sec. 5.6).


6.1  Focusing  backward  sequent  calculus 

Search  using  the  backward  calculus  can  always  apply  invertible  rules  eagerly  in  any 
order  as  there  always  exists  a  proof  that  goes  through  the  premisses  of  the  invertible  rule. 
Andreoli pointed out [7] that a similar and dual feature exists for non-invertible rules also: it is enough for completeness to apply a sequence of non-invertible rules eagerly in one atomic operation, as long as the corresponding connectives are of the same synchronous nature. For instance, to infer $p_1 \mathbin{\&} (p_2 \mathbin{\&} p_3)$ on the left, there are three different possible proofs, one for each $p_i$; these three choices present an essential non-determinism in search. There is never a need to pause with $p_2 \mathbin{\&} p_3$ and consider applying a rule on a different proposition; such a loss of "focus" on $p_2 \mathbin{\&} p_3$ represents an inessential non-determinism
during  proof  search.  A  backward  focused  proof  thus  has  two  phases.  In  the  active  phase 
all  possible  rules  are  applied  in  an  arbitrary  order  to  asynchronous  propositions.  When 
only  synchronous  propositions  remain,  one  proposition  is  selected  and  a  focused  phase  for 
that  proposition  begins;  non-invertible  rules  are  then  eagerly  (and  non-deterministically) 
applied  to  decompose  that  proposition  into  asynchronous  propositions.  The  proof  then 
again  enters  the  active  phase. 
In classical linear logic the synchronous or asynchronous nature of a given connective is identical to its polarity; the negative connectives ($\&$, $\top$, ⅋, $\forall$) are asynchronous, and the positive connectives ($\otimes$, $1$, $\oplus$, $0$, $\exists$) are synchronous. The nature of intuitionistic connectives, though, must be derived without an appeal to polarity, which is not a primary concept in the constructive and judgmental philosophy underlying the logic.¹ We derive this nature by examining the rules and phases of search: an asynchronous connective is one for which decomposition is complete in the active phase; a synchronous connective is one for which decomposition is complete in the focused phase. This definition happens to coincide with polarities for classical linear logic, but is decidedly external. The conjunction $\wedge$ from intuitionistic (non-linear) logic, for instance, is nominally of negative polarity but can be seen as both synchronous and asynchronous by our definition; the asynchronous form of the left rule is the following:
$$
\dfrac{\Gamma, A, B \Longrightarrow C}{\Gamma, A \wedge B \Longrightarrow C}
$$

and the synchronous form arises from the pair of left rules:
$$
\dfrac{\Gamma, A \wedge B, A \Longrightarrow C}{\Gamma, A \wedge B \Longrightarrow C} \qquad
\dfrac{\Gamma, A \wedge B, B \Longrightarrow C}{\Gamma, A \wedge B \Longrightarrow C}
$$

Either style of the left rule(s) for $\wedge$ by itself would guarantee completeness. (See also sec. 6.4.1.) In classical (non-linear) logic, every propositional connective is both synchronous and asynchronous.


As our backward linear sequent calculus is two-sided, we have left- and right-synchronous and asynchronous connectives. For non-atomic propositions a left-synchronous connective is right-asynchronous, and a left-asynchronous connective right-synchronous; this appears to be universal in well-behaved logics. We define the notations in the following table.


symbol   meaning
P        left-synchronous ($\forall$, $\&$, $\top$, $\multimap$)
Q        right-synchronous ($\exists$, $\otimes$, $1$, $\oplus$, $0$, $!$)
L        left-asynchronous ($\exists$, $\otimes$, $1$, $\oplus$, $0$, $!$)
R        right-asynchronous ($\forall$, $\&$, $\top$, $\multimap$)

¹Note that polarities may be derived from the synchronous/asynchronous distinction laid out in this section, so it is certainly a definable concept in intuitionistic logics.
The above table does not include the atomic propositions. Andreoli observed in [7]
that  it  is  sufficient  to  assign  arbitrarily  a  synchronous  or  asynchronous  nature  to  the  atoms 
as  long  as  duality  is  preserved.  However,  Andreoli's  observation  was  for  classical  linear 
logic  where,  due  to  the  precise  symmetry  of  connectives,  assigning  a  positive  polarity  to 
an  atom  was  equivalent  to  assigning  a  negative  polarity  to  its  dual,  so  one  would  simply 
obtain  the  same  result  in  dualised  form  by  flipping  the  polarity  of  an  atom.  However,  in 
our  intuitionistic  setting  since  atomic  propositions  have  no  deeper  propositional  structure, 
we  are  forced  to  treat  them  as  synchronous  propositions.  Andreoli's  observation  about 
atoms  is  not  entirely  inapplicable  to  the  intuitionistic  setting:  we  can  in  fact  differentiate 
the  atoms  by  means  of  a  focusing  bias,  which  indicates  whether  the  atomic  proposition 
under  focus  must  immediately  be  derived  in  an  initial  sequent.  This  distinction  will 
become  clearer  once  the  details  of  the  calculus  are  presented. 

The backward focusing calculus consists of the following kinds of sequents:

$\Gamma ; \Delta \gg A$                         right-focal sequent with $A$ under focus
$\Gamma ; \Delta ; A \ll Q$                     left-focal sequent with $A$ under focus
$\Gamma ; \Delta ; \Omega \Longrightarrow C ; \cdot$   right-active sequent
$\Gamma ; \Delta ; \Omega \Longrightarrow \cdot ; Q$   left-active sequent

We use $\gamma$ to represent schematically either right hand form $C ; \cdot$ or $\cdot ; Q$. $\Gamma$ contains the unrestricted resources as usual. $\Delta$ contains only left-synchronous propositions, i.e., it is of the form $P_1, P_2, \ldots, P_n$. $\Omega$ is an ordered context of propositions which may be synchronous or asynchronous, i.e., $A_1 \cdot A_2 \cdots A_n$. We use a centered dot ($\cdot$) instead of a comma to indicate that this context is ordered. In the active sequents, the propositions in $\Omega$ and the proposition $C$ in $C ; \cdot$ will be called "active".

For active sequents the right active proposition is decomposed until it becomes right-synchronous, i.e., until the sequent has the form $\Gamma ; \Delta ; \Omega \Longrightarrow Q ; \cdot$. The right hand side is then changed into the form $\cdot ; Q$. Similarly, the propositions in $\Omega$ are decomposed except when the proposition is left-synchronous, in which case it is transferred to $\Delta$. The two key judgemental rules that transfer synchronous propositions out of the active zones of the sequents are as follows:

\[
\frac{\Gamma ; \Delta ; \Omega \Longrightarrow \cdot ; Q}{\Gamma ; \Delta ; \Omega \Longrightarrow Q ; \cdot}\ \text{ract}
\qquad
\frac{\Gamma ; \Delta, P ; \Omega \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot P \cdot \Omega' \Longrightarrow \gamma}\ \text{lact}
\]
For logical rules, the top level connective in the active proposition is reduced using the corresponding rule in the backward sequent calculus. The following are two characteristic examples:

\[
\frac{\Gamma ; \Delta ; \Omega \Longrightarrow A ; \cdot \qquad \Gamma ; \Delta ; \Omega \Longrightarrow B ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow A \& B ; \cdot}\ \&\text{R}
\qquad
\frac{\Gamma ; \Delta ; \Omega \cdot A \cdot B \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot A \otimes B \cdot \Omega' \Longrightarrow \gamma}\ \otimes\text{L}
\]


Eventually the active sequent is reduced to the form $\Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; Q$, which we call a neutral sequent. A focusing phase is launched from such a neutral sequent by selecting a focile² proposition and giving it the corresponding focus. As mentioned in sec. 6.1, atomic propositions are given focusing biases in our system; if an atom has the wrong bias, it is not considered focile.


Definition  6.1  (Focile  propositions). 

1.  A  proposition  is  right-focile  if  it  is  right-synchronous  and  not  a  right-biased  atom. 

2.  A  proposition  is  left-focile  if  it  is  left-synchronous  and  not  a  left-biased  atom. 


The following are the rules that give a focile formula in a neutral sequent its corresponding focus.

\[
\frac{\Gamma ; \Delta \gg Q \qquad Q \text{ right-focile}}{\Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; Q}\ \text{rfoc}
\qquad
\frac{\Gamma ; \Delta ; P \ll Q \qquad P \text{ left-focile}}{\Gamma ; \Delta, P ; \cdot \Longrightarrow \cdot ; Q}\ \text{lfoc}
\]


Note that being focile is an internal quality of synchronous propositions. However, there are both synchronous and asynchronous propositions in the unrestricted context $\Gamma$. When we are in a neutral sequent, we may copy a proposition out of the unrestricted context and immediately focus on it, regardless of whether it is focile or not.

\[
\frac{\Gamma, A ; \Delta ; A \ll Q}{\Gamma, A ; \Delta ; \cdot \Longrightarrow \cdot ; Q}\ \text{copy}
\]


If this proposition is actually left-asynchronous, then we will immediately remove focus from it and transition to an active phase, as described below. We will use the technical term blur to refer to losing focus and transitioning to an active sequent (reading the rules bottom-up).

²Focile is not standard English and is used in this thesis to mean "something that can be focused on". We prefer it to "focusable".
Once the focile formula is given focus, it is decomposed under focus until it becomes asynchronous or ends in an initial sequent. There are two forms of the initial sequent, corresponding to the two focusing biases.

\[
\frac{p \text{ left-biased}}{\Gamma ; p \gg p}\ \text{rinit}
\qquad
\frac{p \text{ right-biased}}{\Gamma ; \cdot ; p \ll p}\ \text{linit}
\]


If the focal proposition becomes atomic, we terminate with one of the two above forms. If the focal proposition is asynchronous, we blur the focus and return to one of the active sequent forms (here $R$ is right-asynchronous and $L$ is left-asynchronous).

\[
\frac{\Gamma ; \Delta ; \cdot \Longrightarrow R ; \cdot}{\Gamma ; \Delta \gg R}\ \text{rb}
\qquad
\frac{\Gamma ; \Delta ; L \Longrightarrow \cdot ; Q}{\Gamma ; \Delta ; L \ll Q}\ \text{lb}
\]


Then we are back to an active phase. If the focal proposition is atomic and of the wrong bias, that is, if neither "linit" nor "rinit" applies, then we also blur the focus, but in this case it is not necessary to enter an active phase; instead, we transition directly to the neutral sequent.

\[
\frac{\Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; p \qquad p \text{ right-biased}}{\Gamma ; \Delta \gg p}\ \text{rb}^*
\qquad
\frac{\Gamma ; \Delta, p ; \cdot \Longrightarrow \cdot ; Q \qquad p \text{ left-biased}}{\Gamma ; \Delta ; p \ll Q}\ \text{lb}^*
\]


Decomposing focal propositions uses the non-invertible rules for that proposition, and focus is maintained on the operands of the top-level connective of the proposition. The following are a pair of characteristic examples.

\[
\frac{\Gamma ; \Delta_1 \gg A \qquad \Gamma ; \Delta_2 \gg B}{\Gamma ; \Delta_1, \Delta_2 \gg A \otimes B}\ \otimes\text{R}
\qquad
\frac{\Gamma ; \Delta ; A_i \ll Q}{\Gamma ; \Delta ; A_1 \& A_2 \ll Q}\ \&\text{L}_i
\]


There is only one subtlety with these logical rules, having to do with the exponential connective $!$. Although it is right-synchronous, the $!$R rule cannot maintain focus on the operand.

\[
\frac{\Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot}{\Gamma ; \cdot \gg\; !A}\ !\text{R}
\]


If we forced the operand to maintain focus, then there would be no focused proof of $\cdot ; \cdot ; \cdot \Longrightarrow\; !(a \oplus b) \multimap\; !(b \oplus a) ; \cdot$, for example. To see why, note that the active phase will decompose this sequent to the neutral sequent $a \oplus b ; \cdot ; \cdot \Longrightarrow \cdot ;\; !(b \oplus a)$. Now we have two choices. If we copy $a \oplus b$ on the left under focus, then we eventually obtain the neutral sequents $a \oplus b ; a ; \cdot \Longrightarrow \cdot ;\; !(b \oplus a)$ and $a \oplus b ; b ; \cdot \Longrightarrow \cdot ;\; !(b \oplus a)$:

\[
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{a \oplus b ; a ; \cdot \Longrightarrow \cdot ;\; !(b \oplus a)}{a \oplus b ; \cdot ; a \Longrightarrow \cdot ;\; !(b \oplus a)}\ \text{lact}
      \qquad
      \dfrac{a \oplus b ; b ; \cdot \Longrightarrow \cdot ;\; !(b \oplus a)}{a \oplus b ; \cdot ; b \Longrightarrow \cdot ;\; !(b \oplus a)}\ \text{lact}
    }{a \oplus b ; \cdot ; a \oplus b \Longrightarrow \cdot ;\; !(b \oplus a)}\ \oplus\text{L}
  }{a \oplus b ; \cdot ; a \oplus b \ll\; !(b \oplus a)}\ \text{lb}
}{a \oplus b ; \cdot ; \cdot \Longrightarrow \cdot ;\; !(b \oplus a)}\ \text{copy}
\]

In either case the $!$R rule cannot be applied because the linear context is not empty. Thus this choice was wrong, and we had to focus on the right, giving $a \oplus b ; \cdot \gg\; !(b \oplus a)$. If we decompose this under focus to get $a \oplus b ; \cdot \gg b \oplus a$, then the proof cannot proceed because we cannot choose between $a$ and $b$. However, if we blur the right focus on $b \oplus a$, then we can focus on the left and get two provable sequents in the premisses of $\oplus$L.

One explanation for this focus-removing behaviour of $!$ is that there is a hidden transition from $(!A)\ \mathit{goal}$ to the categorical judgement $A\ \mathit{true}$, which in turn reduces to $A\ \mathit{goal}$. We may think of them as two microrules:

\[
\frac{\Gamma ; \Delta \Longrightarrow A\ \mathit{true}}{\Gamma ; \Delta \Longrightarrow (!A)\ \mathit{goal}}
\qquad
\frac{\Gamma ; \cdot \Longrightarrow A\ \mathit{goal}}{\Gamma ; \cdot \Longrightarrow A\ \mathit{true}}
\]

The first of these two rules is the internalisation of the categorical judgement and is invertible; the second is the definition of the categorical judgement and is non-invertible. The exponential therefore has aspects of both synchronicity and asynchronicity: the overall composition is synchronous, but there is a phase change when applying the rule. Girard has made a similar observation that exponentials are composed of one micro-connective to change polarity, and another to model a given behaviour [44, page 114]; this observation extends to other modal operators, such as why-not ($?$) of JILL [127] (as in sec. 2.1.3) or the lax modality of CLF [117].
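The behaviour of the calculus described so far, including the $!$R example above, can be exercised directly. The following is an added example written for this edition, not code from the thesis or from its theorem prover: a small backward focused prover for the propositional fragment ($\otimes$, $1$, $\oplus$, $0$, $!$, $\multimap$, $\&$, $\top$ and atoms) that follows the sequent forms and rules of this section. Its assumptions are its own: quantifiers are omitted; every atom is left-biased unless listed in `RIGHT_BIASED_ATOMS`; the active phase decomposes the goal first and then $\Omega$ from right to left; and a depth bound on neutral sequents (`fuel`) forces termination, so a `False` answer under the bound does not by itself refute provability. The `bang_keeps_focus` switch installs the rejected variant of $!$R that keeps focus on the operand, so the two readings can be compared on $!(a \oplus b) \multimap\; !(b \oplus a)$.

```python
# Added example (editor's, not the thesis's code): a backward focused prover for
# the propositional fragment of intuitionistic linear logic.  Assumptions: no
# quantifiers; atoms are left-biased unless named in RIGHT_BIASED_ATOMS; the
# active phase decomposes the goal first and then Omega from right to left; a
# depth bound on neutral sequents (fuel) forces termination, so False may also
# mean "gave up".  Propositions are tuples: ('atom','a'), ('tensor',A,B),
# ('one',), ('plus',A,B), ('zero',), ('bang',A), ('lolli',A,B), ('with',A,B), ('top',).

def atom(p): return ('atom', p)
def tensor(a, b): return ('tensor', a, b)
def plus(a, b): return ('plus', a, b)
def with_(a, b): return ('with', a, b)
def lolli(a, b): return ('lolli', a, b)
def bang(a): return ('bang', a)
ONE, ZERO, TOP = ('one',), ('zero',), ('top',)

RIGHT_ASYNC = {'with', 'top', 'lolli'}                  # &, T, -o
LEFT_ASYNC = {'tensor', 'one', 'plus', 'zero', 'bang'}  # (x), 1, (+), 0, !
RIGHT_BIASED_ATOMS = set()                              # assumption: default bias is left

def right_biased(a): return a[0] == 'atom' and a[1] in RIGHT_BIASED_ATOMS
def left_biased(a): return a[0] == 'atom' and a[1] not in RIGHT_BIASED_ATOMS
def right_focile(a): return a[0] not in RIGHT_ASYNC and not right_biased(a)   # Def. 6.1
def left_focile(a): return a[0] not in LEFT_ASYNC and not left_biased(a)

def splits(delta):
    """Every division of the linear context (a tuple) into Delta1, Delta2."""
    for mask in range(1 << len(delta)):
        yield (tuple(x for i, x in enumerate(delta) if mask >> i & 1),
               tuple(x for i, x in enumerate(delta) if not mask >> i & 1))

def active(G, D, Om, C, Q, fuel, keep):
    """Gamma; Delta; Omega ==> C;.  when C is set, otherwise  ==> .;Q  (left-active)."""
    if C is not None:                                   # right-active rules first
        if C[0] == 'with':
            return (active(G, D, Om, C[1], None, fuel, keep) and
                    active(G, D, Om, C[2], None, fuel, keep))             # &R
        if C[0] == 'top':
            return True                                                   # TR
        if C[0] == 'lolli':
            return active(G, D, Om + [C[1]], C[2], None, fuel, keep)      # -oR
        return active(G, D, Om, None, C, fuel, keep)                      # ract
    if Om:                                              # left-active rules, rightmost first
        rest, A = Om[:-1], Om[-1]
        if A[0] == 'tensor':
            return active(G, D, rest + [A[1], A[2]], None, Q, fuel, keep)   # (x)L
        if A[0] == 'one':
            return active(G, D, rest, None, Q, fuel, keep)                  # 1L
        if A[0] == 'plus':
            return (active(G, D, rest + [A[1]], None, Q, fuel, keep) and
                    active(G, D, rest + [A[2]], None, Q, fuel, keep))       # (+)L
        if A[0] == 'zero':
            return True                                                     # 0L
        if A[0] == 'bang':
            return active(G | {A[1]}, D, rest, None, Q, fuel, keep)         # !L
        return active(G, D + (A,), rest, None, Q, fuel, keep)               # lact
    return neutral(G, D, Q, fuel, keep)

def neutral(G, D, Q, fuel, keep):
    """Gamma; Delta; . ==> .; Q: pick a focus by rfoc, lfoc or copy."""
    if fuel == 0:
        return False                                    # depth bound hit: give up here
    fuel -= 1
    if right_focile(Q) and rfocus(G, D, Q, fuel, keep):
        return True                                                         # rfoc
    for i, P in enumerate(D):
        if left_focile(P) and lfocus(G, D[:i] + D[i + 1:], P, Q, fuel, keep):
            return True                                                     # lfoc
    return any(lfocus(G, D, A, Q, fuel, keep) for A in G)                   # copy

def rfocus(G, D, A, fuel, keep):
    """Gamma; Delta >> A."""
    k = A[0]
    if k == 'atom':
        return D == (A,) if left_biased(A) else neutral(G, D, A, fuel, keep)  # rinit / rb*
    if k == 'one':
        return D == ()                                                      # 1R
    if k == 'tensor':
        return any(rfocus(G, D1, A[1], fuel, keep) and rfocus(G, D2, A[2], fuel, keep)
                   for D1, D2 in splits(D))                                 # (x)R
    if k == 'plus':
        return rfocus(G, D, A[1], fuel, keep) or rfocus(G, D, A[2], fuel, keep)  # (+)R
    if k == 'zero':
        return False                                                        # no 0R
    if k == 'bang':                                                         # !R
        if D != ():
            return False
        if keep:                                        # rejected variant: keep focus
            return rfocus(G, (), A[1], fuel, keep)
        return active(G, (), [], A[1], None, fuel, keep)   # thesis rule: blur into active
    return active(G, D, [], A, None, fuel, keep)                            # rb

def lfocus(G, D, A, Q, fuel, keep):
    """Gamma; Delta; A << Q."""
    k = A[0]
    if k == 'atom':
        if right_biased(A):
            return D == () and Q == A                                       # linit
        return neutral(G, D + (A,), Q, fuel, keep)                          # lb*
    if k == 'with':
        return lfocus(G, D, A[1], Q, fuel, keep) or lfocus(G, D, A[2], Q, fuel, keep)  # &L
    if k == 'top':
        return False                                                        # no TL
    if k == 'lolli':
        return any(lfocus(G, D1, A[2], Q, fuel, keep) and rfocus(G, D2, A[1], fuel, keep)
                   for D1, D2 in splits(D))                                 # -oL
    return active(G, D, [A], None, Q, fuel, keep)                           # lb

def prove(A, fuel=8, bang_keeps_focus=False):
    """Search for a focused proof of  .; .; . ==> A; .  within the depth bound."""
    return active(frozenset(), (), [], A, None, fuel, bang_keeps_focus)
```

With `a, b = atom('a'), atom('b')`, `prove(lolli(bang(plus(a, b)), bang(plus(b, a))))` succeeds, while the same goal with `bang_keeps_focus=True` fails, which is exactly the failure traced above: once $!$R keeps focus, the right focus on $b \oplus a$ must commit to a disjunct before the case split on $a \oplus b$ has happened. `prove(lolli(a, tensor(a, a)))` fails because the single linear `a` cannot be split by $\otimes$R, whereas `prove(lolli(bang(a), tensor(a, a)))` succeeds through $!$L and two copies.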


The full set of rules is in fig. 6.1. Soundness of this calculus is a rather obvious property: forget the distinction between $\Delta$ and $\Omega$, elide the focus and blur rules, and the original backward calculus appears.

Theorem 6.2 (Soundness).

1. If $\Gamma ; \Delta \gg A$ then $\Gamma ; \Delta \Longrightarrow A$.

2. If $\Gamma ; \Delta ; A \ll Q$ then $\Gamma ; \Delta, A \Longrightarrow Q$.
Right-focal sequents $\Gamma ; \Delta \gg A$:
\[
\frac{q \text{ left-biased}}{\Gamma ; q \gg q}\ \text{rinit}
\qquad
\frac{}{\Gamma ; \cdot \gg 1}\ 1\text{R}
\qquad
\frac{\Gamma ; \Delta_1 \gg A \qquad \Gamma ; \Delta_2 \gg B}{\Gamma ; \Delta_1, \Delta_2 \gg A \otimes B}\ \otimes\text{R}
\]
\[
\frac{\Gamma ; \Delta \gg A_i}{\Gamma ; \Delta \gg A_1 \oplus A_2}\ \oplus\text{R}_i
\qquad
\frac{\Gamma ; \Delta \gg [t/x]A}{\Gamma ; \Delta \gg \exists x.A}\ \exists\text{R}
\qquad
\frac{\Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot}{\Gamma ; \cdot \gg\; !A}\ !\text{R}
\]

Left-focal sequents $\Gamma ; \Delta ; A \ll Q$:
\[
\frac{p \text{ right-biased}}{\Gamma ; \cdot ; p \ll p}\ \text{linit}
\qquad
\frac{\Gamma ; \Delta ; A_i \ll Q}{\Gamma ; \Delta ; A_1 \& A_2 \ll Q}\ \&\text{L}_i
\]
\[
\frac{\Gamma ; \Delta_1 ; B \ll Q \qquad \Gamma ; \Delta_2 \gg A}{\Gamma ; \Delta_1, \Delta_2 ; A \multimap B \ll Q}\ \multimap\text{L}
\qquad
\frac{\Gamma ; \Delta ; [t/x]A \ll Q}{\Gamma ; \Delta ; \forall x.A \ll Q}\ \forall\text{L}
\]

Focus:
\[
\frac{\Gamma ; \Delta ; P \ll Q \qquad P \text{ left-focile}}{\Gamma ; \Delta, P ; \cdot \Longrightarrow \cdot ; Q}\ \text{lfoc}
\qquad
\frac{\Gamma ; \Delta \gg Q \qquad Q \text{ right-focile}}{\Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; Q}\ \text{rfoc}
\qquad
\frac{\Gamma, A ; \Delta ; A \ll Q}{\Gamma, A ; \Delta ; \cdot \Longrightarrow \cdot ; Q}\ \text{copy}
\]

Right-active sequents $\Gamma ; \Delta ; \Omega \Longrightarrow R ; \cdot$:
\[
\frac{\Gamma ; \Delta ; \Omega \Longrightarrow A ; \cdot \qquad \Gamma ; \Delta ; \Omega \Longrightarrow B ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow A \& B ; \cdot}\ \&\text{R}
\qquad
\frac{}{\Gamma ; \Delta ; \Omega \Longrightarrow \top ; \cdot}\ \top\text{R}
\]
\[
\frac{\Gamma ; \Delta ; \Omega \cdot A \Longrightarrow B ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow A \multimap B ; \cdot}\ \multimap\text{R}
\qquad
\frac{\Gamma ; \Delta ; \Omega \Longrightarrow [a/x]A ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow \forall x.A ; \cdot}\ \forall\text{R}^a
\qquad
\frac{\Gamma ; \Delta ; \Omega \Longrightarrow \cdot ; Q}{\Gamma ; \Delta ; \Omega \Longrightarrow Q ; \cdot}\ \text{ract}
\]

Left-active sequents $\Gamma ; \Delta ; \Omega \cdot L \cdot \Omega' \Longrightarrow \gamma$:
\[
\frac{\Gamma ; \Delta ; \Omega \cdot A \cdot B \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot A \otimes B \cdot \Omega' \Longrightarrow \gamma}\ \otimes\text{L}
\qquad
\frac{\Gamma ; \Delta ; \Omega \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot 1 \cdot \Omega' \Longrightarrow \gamma}\ 1\text{L}
\]
\[
\frac{\Gamma ; \Delta ; \Omega \cdot A \cdot \Omega' \Longrightarrow \gamma \qquad \Gamma ; \Delta ; \Omega \cdot B \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot A \oplus B \cdot \Omega' \Longrightarrow \gamma}\ \oplus\text{L}
\qquad
\frac{}{\Gamma ; \Delta ; \Omega \cdot 0 \cdot \Omega' \Longrightarrow \gamma}\ 0\text{L}
\]
\[
\frac{\Gamma ; \Delta ; \Omega \cdot [a/x]A \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot \exists x.A \cdot \Omega' \Longrightarrow \gamma}\ \exists\text{L}^a
\qquad
\frac{\Gamma, A ; \Delta ; \Omega \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot\; !A \cdot \Omega' \Longrightarrow \gamma}\ !\text{L}
\qquad
\frac{\Gamma ; \Delta, P ; \Omega \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot P \cdot \Omega' \Longrightarrow \gamma}\ \text{lact}
\]

Blur:
\[
\frac{\Gamma ; \Delta ; L \Longrightarrow \cdot ; Q}{\Gamma ; \Delta ; L \ll Q}\ \text{lb}
\qquad
\frac{\Gamma ; \Delta ; \cdot \Longrightarrow R ; \cdot}{\Gamma ; \Delta \gg R}\ \text{rb}
\qquad
\frac{\Gamma ; \Delta, q ; \cdot \Longrightarrow \cdot ; Q \qquad q \text{ left-biased}}{\Gamma ; \Delta ; q \ll Q}\ \text{lb}^*
\qquad
\frac{\Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; p \qquad p \text{ right-biased}}{\Gamma ; \Delta \gg p}\ \text{rb}^*
\]

Figure 6.1: Backward linear focusing calculus
3. If $\Gamma ; \Delta ; \Omega \Longrightarrow C ; \cdot$ then $\Gamma ; \Delta, \Omega \Longrightarrow C$.

4. If $\Gamma ; \Delta ; \Omega \Longrightarrow \cdot ; Q$ then $\Gamma ; \Delta, \Omega \Longrightarrow Q$.

Proof. By structural induction on the given focused derivation. Note that all the logical rules neatly fall into one of the above cases. To illustrate, consider the rule $\otimes$R, i.e., a derivation that ends with the following rule:

\[
\frac{\Gamma ; \Delta_1 \gg A \qquad \Gamma ; \Delta_2 \gg B}{\Gamma ; \Delta_1, \Delta_2 \gg A \otimes B}\ \otimes\text{R}
\]

\[
\begin{array}{ll}
\Gamma ; \Delta_1 \Longrightarrow A \text{ and } \Gamma ; \Delta_2 \Longrightarrow B & \text{i.h.} \\
\Gamma ; \Delta_1, \Delta_2 \Longrightarrow A \otimes B & \otimes\text{R}
\end{array}
\]

For phase transition rules (i.e., lb, lb*, rb, rb*, lact, ract, lfoc, and rfoc), the premiss and the conclusion of the rule both denote the same sequent in the non-focusing calculus. □

Theorem 6.3 (Structural properties).

1. Weakening:

(a) If $\Gamma ; \Delta \gg A$ then $\Gamma, \Gamma' ; \Delta \gg A$.

(b) If $\Gamma ; \Delta ; A \ll Q$ then $\Gamma, \Gamma' ; \Delta ; A \ll Q$.

(c) If $\Gamma ; \Delta ; \Omega \Longrightarrow \gamma$ then $\Gamma, \Gamma' ; \Delta ; \Omega \Longrightarrow \gamma$.

2. Contraction:

(a) If $\Gamma, A, A ; \Delta \gg C$ then $\Gamma, A ; \Delta \gg C$.

(b) If $\Gamma, A, A ; \Delta ; B \ll Q$ then $\Gamma, A ; \Delta ; B \ll Q$.

(c) If $\Gamma, A, A ; \Delta ; \Omega \Longrightarrow \gamma$ then $\Gamma, A ; \Delta ; \Omega \Longrightarrow \gamma$.

Proof sketch. By straightforward structural induction on the given derivations. As with theorem 2.17, we note that the unrestricted context of any given sequent persists all the way up to the axiomatic cases of the proof branch with that sequent as the conclusion, where these structural statements are trivially true. □


We show the completeness of the focusing calculus by interpreting every backward sequent as an active sequent in the focusing calculus, then showing that the backward rules are admissible in the focusing calculus. This proof relies on admissibility of cut in the focusing calculus. Because a non-atomic right-synchronous proposition is left-asynchronous, all principal cuts will be between a focal sequent and an active sequent. For example, for the principal cut for $\otimes$, we have to consider the following pair of derivations.

\[
\frac{\Gamma ; \Delta_1 \gg A \qquad \Gamma ; \Delta_2 \gg B}{\Gamma ; \Delta_1, \Delta_2 \gg A \otimes B}\ \otimes\text{R}
\qquad
\frac{\Gamma ; \Delta' ; \Omega \cdot A \cdot B \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta' ; \Omega \cdot A \otimes B \cdot \Omega' \Longrightarrow \gamma}\ \otimes\text{L}
\]

The cut is permuted to the component derivations, which also maintain this form of cut. A similar situation occurs in the dual case. The result of these cuts will be active because the proposition under focus is cut.

We  also  have  to  include  a  few  more  general  cuts  in  order  for  the  commutative  cases 
in  the  cut  theorem  to  work.  Primarily,  we  require  cuts  between  two  active  sequents,  the 
result  of  which  will  be  another  active  sequent.  In  the  proof  we  also  need  to  consider  two 
special  cases  where  the  cut  formula  is  in  a  focal  sequent  but  not  itself  under  focus.  For  the 
induction  in  the  cut  theorem  to  work,  these  specific  cases  will  have  to  redo  the  focusing 
steps  for  the  proposition  under  focus,  as  explained  in  the  details  of  the  proof. 

The  proof  of  cut-elimination  requires  one  key  lemma:  that  permuting  the  ordered  con¬ 
text  does  not  affect  provability.  This  lemma  thus  allows  cutting  formulas  from  anywhere 
inside  the  ordered  context,  and  also  to  re-order  the  context  when  needed. 

Lemma 6.4 (Permutation). If $\Gamma ; \Delta ; \Omega \Longrightarrow \gamma$, then $\Gamma ; \Delta ; \Omega' \Longrightarrow \gamma$ for any permutation $\Omega'$ of $\Omega$.

Proof. By structural induction on the derivation $\mathcal{D} :: \Gamma ; \Delta ; \Omega \Longrightarrow \gamma$. The following is a representative case for $\otimes$L, where $\Omega = \Omega_1 \cdot A \otimes B \cdot \Omega_2$ and the last rule in $\mathcal{D}$ was:

\[
\frac{\Gamma ; \Delta ; \Omega_1 \cdot A \cdot B \cdot \Omega_2 \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega_1 \cdot A \otimes B \cdot \Omega_2 \Longrightarrow \gamma}\ \otimes\text{L}
\]

Let a permutation $\Omega'$ of $\Omega_1 \cdot A \otimes B \cdot \Omega_2$ be given. It has the form $\Omega'_1 \cdot A \otimes B \cdot \Omega'_2$ where $\Omega'_1 \cdot \Omega'_2$ is a permutation of $\Omega_1 \cdot \Omega_2$, i.e., $\Omega'_1 \cdot A \cdot B \cdot \Omega'_2$ is a permutation of $\Omega_1 \cdot A \cdot B \cdot \Omega_2$. Therefore, by the induction hypothesis, $\Gamma ; \Delta ; \Omega'_1 \cdot A \cdot B \cdot \Omega'_2 \Longrightarrow \gamma$. Then use $\otimes$L. □

One consequence of this lemma is that the order of the propositions in the active contexts does not matter. Therefore, we can always find a proof where the decompositions in the active phase fix a canonical order of decomposition. In our implementation, we first decompose the active propositions on the right, and then the left active propositions in order from right to left. The active rules we actually implement in sec. 6.2 therefore interpret the active rules as if they were the following (representative cases):

\[
\frac{\Gamma ; \Delta ; \Omega \Longrightarrow A ; \cdot \qquad \Gamma ; \Delta ; \Omega \Longrightarrow B ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow A \& B ; \cdot}
\qquad
\frac{\Gamma ; \Delta ; \Omega \cdot A \cdot B \Longrightarrow \cdot ; Q}{\Gamma ; \Delta ; \Omega \cdot A \otimes B \Longrightarrow \cdot ; Q}
\]

Any other ordering would also work, in principle. We prefer this ordering because it is slightly more systematic; for example, for iterated implications on the right, this ordering first transfers all the antecedents of the implications to the left active context before examining those antecedents in order.

Definition 6.5 (Similar derivations). Two derivations $\mathcal{D}_1$ and $\mathcal{D}_2$ of $\Gamma ; \Delta ; \Omega \Longrightarrow \gamma$, written $\mathcal{D}_1 \sim \mathcal{D}_2$, are said to be similar if they differ only in the order in which active rules are applied to elements of $\Omega$ and $\gamma$.

Essentially, two derivations are similar if the only differences are in the inessential non-deterministic choices in the active phase. This definition comes with a fact for which we omit the easy proof.

Fact 6.6. If $\mathcal{D} :: \Gamma ; \Delta ; \Omega \Longrightarrow \gamma$ and $\mathcal{D}' \sim \mathcal{D}$, then $\mathcal{D}' :: \Gamma ; \Delta ; \Omega \Longrightarrow \gamma$. □

For the cut theorem, similar derivations are considered to be equal for the purposes of the lexicographic order.

Theorem 6.7 (cut). If

1. $\Gamma ; \Delta \gg A$ and:

(a) $\Gamma ; \Delta' ; \Omega \cdot A \cdot \Omega' \Longrightarrow \gamma$ then $\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma$.

(b) $\Gamma ; \Delta', A ; \Omega \Longrightarrow \gamma$ then $\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \gamma$.

2. $\Gamma ; \cdot \gg A$ and $\Gamma, A ; \Delta ; \Omega \Longrightarrow \gamma$ then $\Gamma ; \Delta ; \Omega \Longrightarrow \gamma$.

3. $\Gamma ; \Delta ; \Omega \Longrightarrow A ; \cdot$ or $\Gamma ; \Delta ; \Omega \Longrightarrow \cdot ; A$ and:

(a) $\Gamma ; \Delta' ; A \ll Q$ then $\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q$.

(b) $\Gamma ; \Delta' ; \Omega' \cdot A \cdot \Omega'' \Longrightarrow \gamma$ then $\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \cdot \Omega'' \Longrightarrow \gamma$.

(c) $\Gamma ; \Delta', A ; \Omega' \Longrightarrow \gamma$ then $\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma$.

4. $\Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot$ or $\Gamma ; \cdot ; \cdot \Longrightarrow \cdot ; A$ and:

(a) $\Gamma, A ; \Delta ; \Omega \Longrightarrow \gamma$ then $\Gamma ; \Delta ; \Omega \Longrightarrow \gamma$.

(b) $\Gamma, A ; \Delta \gg B$ then $\Gamma ; \Delta \gg B$.

5. $\Gamma ; \Delta ; B \ll A$ and:

(a) $\Gamma ; \Delta' ; A \Longrightarrow \cdot ; Q$ then $\Gamma ; \Delta, \Delta' ; B \ll Q$.

(b) $\Gamma ; \Delta', A ; \cdot \Longrightarrow \cdot ; Q$ then $\Gamma ; \Delta, \Delta' ; B \ll Q$.


Proof. By lexicographic induction on the given derivations. The argument is lengthy rather than complex, and is an adaptation of the proof of theorem 2.21. Name the three derivations in each case $\mathcal{D}$, $\mathcal{E}$ and $\mathcal{F}$ respectively. The lexicographic order prescribed in the proof of theorem 2.21 is extended in the obvious fashion to the focusing calculus, with one further condition that cuts of type 5 may be used in the inductive arguments of all other types of cuts.

A sequent is smaller than another if it has fewer elements in the zones of the context; the order of $\Omega$ is irrelevant in comparing sizes of sequents. We can do this because lem. 6.4 guarantees that the precise order of $\Omega$ is irrelevant. For the purposes of this proof, derivations of sequents that only differ in the order of the unrestricted contexts are taken to be equal.


Initial cuts. In this cut one of the derivations is initial. For example:

\[
\mathcal{D} = \frac{p(t) \text{ right-biased}}{\Gamma ; \cdot ; p(t) \ll p(t)}\ \text{linit}
\qquad
\mathcal{E} :: \Gamma ; \Delta ; \Omega \Longrightarrow p(t) ; \cdot
\]

Here $\mathcal{F}$ is read off from $\mathcal{E}$. The companion case for left-biased atoms is similar.


Principal cuts. A principal formula is introduced in both $\mathcal{D}$ and $\mathcal{E}$.

Case of $\otimes$:
\[
\mathcal{D} = \frac{\mathcal{D}_1 :: \Gamma ; \Delta_1 \gg A \qquad \mathcal{D}_2 :: \Gamma ; \Delta_2 \gg B}{\Gamma ; \Delta_1, \Delta_2 \gg A \otimes B}\ \otimes\text{R}
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma ; \Delta ; \Omega \cdot A \cdot B \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot A \otimes B \cdot \Omega' \Longrightarrow \gamma}\ \otimes\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta_2, \Delta ; \Omega \cdot A \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}_2 \text{ and } \mathcal{E}' \\
\Gamma ; \Delta_1, \Delta_2, \Delta ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}_1 \text{ and above}
\end{array}
\]

Case of $1$:
\[
\mathcal{D} = \frac{}{\Gamma ; \cdot \gg 1}\ 1\text{R}
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma ; \Delta ; \Omega \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot 1 \cdot \Omega' \Longrightarrow \gamma}\ 1\text{L}
\]
Here $\mathcal{F} = \mathcal{E}'$.
Case of $\oplus$:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta \gg A}{\Gamma ; \Delta \gg A \oplus B}\ \oplus\text{R}_1
\qquad
\mathcal{E} = \frac{\mathcal{E}_1 :: \Gamma ; \Delta' ; \Omega \cdot A \cdot \Omega' \Longrightarrow \gamma \qquad \mathcal{E}_2 :: \Gamma ; \Delta' ; \Omega \cdot B \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta' ; \Omega \cdot A \oplus B \cdot \Omega' \Longrightarrow \gamma}\ \oplus\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}_1
\end{array}
\]
The case of $\oplus$R$_2$ is similar.

Case of $0$: there are no principal cuts for $0$.

Case of $!$:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot}{\Gamma ; \cdot \gg\; !A}\ !\text{R}
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma, A ; \Delta ; \Omega \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta ; \Omega \cdot\; !A \cdot \Omega' \Longrightarrow \gamma}\ !\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}'
\end{array}
\]

Case of $\exists$:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta \gg [t/x]A}{\Gamma ; \Delta \gg \exists x.A}\ \exists\text{R}
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma ; \Delta' ; \Omega \cdot [a/x]A \cdot \Omega' \Longrightarrow \gamma}{\Gamma ; \Delta' ; \Omega \cdot \exists x.A \cdot \Omega' \Longrightarrow \gamma}\ \exists\text{L}^a
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } [t/a]\mathcal{E}'
\end{array}
\]


Case of $\multimap$:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta ; \Omega \cdot A \Longrightarrow B ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow A \multimap B ; \cdot}\ \multimap\text{R}
\qquad
\mathcal{E} = \frac{\mathcal{E}_1 :: \Gamma ; \Delta_1 ; B \ll Q \qquad \mathcal{E}_2 :: \Gamma ; \Delta_2 \gg A}{\Gamma ; \Delta_1, \Delta_2 ; A \multimap B \ll Q}\ \multimap\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta_2, \Delta ; \Omega \Longrightarrow B ; \cdot & \text{cut on } \mathcal{E}_2 \text{ and } \mathcal{D}' \\
\Gamma ; \Delta_1, \Delta_2, \Delta ; \Omega \Longrightarrow \cdot ; Q & \text{cut on above and } \mathcal{E}_1
\end{array}
\]

Case of $\&$:
\[
\mathcal{D} = \frac{\mathcal{D}_1 :: \Gamma ; \Delta' ; \Omega \Longrightarrow A ; \cdot \qquad \mathcal{D}_2 :: \Gamma ; \Delta' ; \Omega \Longrightarrow B ; \cdot}{\Gamma ; \Delta' ; \Omega \Longrightarrow A \& B ; \cdot}\ \&\text{R}
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma ; \Delta ; A \ll Q}{\Gamma ; \Delta ; A \& B \ll Q}\ \&\text{L}_1
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q & \text{cut on } \mathcal{D}_1 \text{ and } \mathcal{E}'
\end{array}
\]
The case of $\&$L$_2$ is similar.

Case of $\top$: there are no principal cuts for $\top$.

Case of $\forall$:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta ; \Omega \Longrightarrow [a/x]A ; \cdot}{\Gamma ; \Delta ; \Omega \Longrightarrow \forall x.A ; \cdot}\ \forall\text{R}^a
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma ; \Delta' ; [t/x]A \ll Q}{\Gamma ; \Delta' ; \forall x.A \ll Q}\ \forall\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q & \text{cut on } [t/a]\mathcal{D}' \text{ and } \mathcal{E}'
\end{array}
\]


Focus cuts. Where the last rule in $\mathcal{D}$ gives focus to the cut-formula.

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \Delta ; P \ll Q}{\Gamma ; \Delta, P ; \cdot \Longrightarrow \cdot ; Q}\ \text{lfoc}$ and $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \Longrightarrow P ; \cdot$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]
The case for $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \Longrightarrow \cdot ; P$ is similar.

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma, A ; \Delta ; A \ll Q}{\Gamma, A ; \Delta ; \cdot \Longrightarrow \cdot ; Q}\ \text{copy}$ and $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \Longrightarrow A ; \cdot$.
\[
\begin{array}{ll}
\Gamma, A ; \Delta' ; \Omega \Longrightarrow A ; \cdot & \text{weakening on } \mathcal{E} \text{ (thm. 6.3)} \\
\Gamma, A ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q & \text{cut on } \mathcal{D}' \text{ and above}
\end{array}
\]
The case for $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \Longrightarrow \cdot ; A$ is similar.

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \Delta \gg Q}{\Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; Q}\ \text{rfoc}$ and $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \cdot Q \cdot \Omega' \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \text{ (}\mathcal{D}' \text{ smaller)}
\end{array}
\]

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \cdot \gg Q}{\Gamma ; \cdot ; \cdot \Longrightarrow \cdot ; Q}\ \text{rfoc}$ and $\mathcal{E} :: \Gamma, Q ; \Delta ; \Omega \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \text{ (}\mathcal{D}' \text{ smaller)}
\end{array}
\]


Blur cuts. Where the last rule in $\mathcal{D}$ or $\mathcal{E}$ blurs focus from the cut formula.

Case. $\mathcal{E} = \dfrac{\mathcal{E}' :: \Gamma ; \Delta ; L \Longrightarrow \cdot ; Q}{\Gamma ; \Delta ; L \ll Q}\ \text{lb}$ and $\mathcal{D} :: \Gamma ; \Delta' ; \Omega' \Longrightarrow L ; \cdot$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega' \Longrightarrow \cdot ; Q & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}' \text{ (}\mathcal{E}' \text{ smaller)}
\end{array}
\]
The case of $\mathcal{D} :: \Gamma ; \Delta' ; \Omega' \Longrightarrow \cdot ; L$ is similar.

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \Delta ; \cdot \Longrightarrow R ; \cdot}{\Gamma ; \Delta \gg R}\ \text{rb}$.

Subcase. $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \cdot R \cdot \Omega' \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]
Subcase. $\mathcal{E} :: \Gamma ; \Delta', R ; \Omega \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \cdot ; \cdot \Longrightarrow R ; \cdot}{\Gamma ; \cdot \gg R}\ \text{rb}$ and $\mathcal{E} :: \Gamma, R ; \Delta ; \Omega \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; p \qquad p \text{ right-biased}}{\Gamma ; \Delta \gg p}\ \text{rb}^*$.

Subcase. $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \cdot p \cdot \Omega' \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]
Subcase. $\mathcal{E} :: \Gamma ; \Delta', p ; \Omega \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]

Case. $\mathcal{D} = \dfrac{\mathcal{D}' :: \Gamma ; \cdot ; \cdot \Longrightarrow \cdot ; p \qquad p \text{ right-biased}}{\Gamma ; \cdot \gg p}\ \text{rb}^*$ and $\mathcal{E} :: \Gamma, p ; \Delta ; \Omega \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E}
\end{array}
\]

Case. $\mathcal{D} :: \Gamma ; \Delta ; \Omega \Longrightarrow p ; \cdot$ and $\mathcal{E} = \dfrac{\mathcal{E}' :: \Gamma ; \Delta', p ; \cdot \Longrightarrow \cdot ; Q \qquad p \text{ left-biased}}{\Gamma ; \Delta' ; p \ll Q}\ \text{lb}^*$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}'
\end{array}
\]


For commuting cuts, we commute into the available active derivation. There is no need to consider commuting a cut across a focus rule.

Left-commutative cuts. Where the cut formula is a side-formula on the left.

Case. The cut-formula $A$ is in the active zone. For instance,
\[
\mathcal{E} = \frac{\mathcal{E}_1 :: \Gamma ; \Delta ; \Omega \cdot A \Longrightarrow B ; \cdot \qquad \mathcal{E}_2 :: \Gamma ; \Delta ; \Omega \cdot A \Longrightarrow C ; \cdot}{\Gamma ; \Delta ; \Omega \cdot A \Longrightarrow B \& C ; \cdot}\ \&\text{R}
\]
Subcase. $\mathcal{D} :: \Gamma ; \Delta' \gg A$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow B ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_1 \\
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow C ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_2 \\
\Gamma ; \Delta, \Delta' ; \Omega \Longrightarrow B \& C ; \cdot & \&\text{R}
\end{array}
\]
Subcase. $\mathcal{D} :: \Gamma ; \Delta' ; \Omega' \Longrightarrow A ; \cdot$ or $\mathcal{D} :: \Gamma ; \Delta' ; \Omega' \Longrightarrow \cdot ; A$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega' \cdot \Omega \Longrightarrow B ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_1 \\
\Gamma ; \Delta, \Delta' ; \Omega' \cdot \Omega \Longrightarrow C ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_2 \\
\Gamma ; \Delta, \Delta' ; \Omega' \cdot \Omega \Longrightarrow B \& C ; \cdot & \&\text{R}
\end{array}
\]

Case. The cut-formula is left-synchronous, and in the linear zone. For instance:
\[
\mathcal{E} = \frac{\mathcal{E}_1 :: \Gamma ; \Delta, A ; \Omega \Longrightarrow B ; \cdot \qquad \mathcal{E}_2 :: \Gamma ; \Delta, A ; \Omega \Longrightarrow C ; \cdot}{\Gamma ; \Delta, A ; \Omega \Longrightarrow B \& C ; \cdot}\ \&\text{R}
\]
Subcase. $\mathcal{D} :: \Gamma ; \Delta' ; \Omega' \Longrightarrow A ; \cdot$ or $\mathcal{D} :: \Gamma ; \Delta' ; \Omega' \Longrightarrow \cdot ; A$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega' \cdot \Omega \Longrightarrow B ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_1 \\
\Gamma ; \Delta, \Delta' ; \Omega' \cdot \Omega \Longrightarrow C ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_2 \\
\Gamma ; \Delta, \Delta' ; \Omega' \cdot \Omega \Longrightarrow B \& C ; \cdot & \&\text{R}
\end{array}
\]
Subcase. $\mathcal{D} :: \Gamma ; \Delta' \gg A$. As $A$ is left-synchronous, it is either an atom or right-asynchronous.

Subcase $A = p(t)$ and left-biased. In this case $\mathcal{D} = \dfrac{}{\Gamma ; p(t) \gg p(t)}\ \text{rinit}$. Use rfoc to get $\Gamma ; p(t) ; \cdot \Longrightarrow \cdot ; p(t)$, and we are in the previous case.

Subcase $A = p(t)$ and right-biased. In this case the only rule that can have concluded $\mathcal{D}$ is rb$^*$, so we have $\Gamma ; \Delta' ; \cdot \Longrightarrow \cdot ; p(t)$. Once again, this is addressed by the previous case.

Subcase $A$ is right-asynchronous. Like the previous case, the last rule in $\mathcal{D}$ must have been rb, so we have $\Gamma ; \Delta' ; \cdot \Longrightarrow A ; \cdot$, which is a previously addressed case.

Case. The cut formula $A$ is in the unrestricted context; characteristic examples:

(a) $\mathcal{E}$ ends with a left-active rule, say:
\[
\mathcal{D} :: \Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot
\qquad
\mathcal{E} = \frac{\mathcal{E}' :: \Gamma, A ; \Delta ; \Omega \cdot B \cdot C \cdot \Omega' \Longrightarrow \gamma}{\Gamma, A ; \Delta ; \Omega \cdot B \otimes C \cdot \Omega' \Longrightarrow \gamma}\ \otimes\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \cdot B \cdot C \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}' \\
\Gamma ; \Delta ; \Omega \cdot B \otimes C \cdot \Omega' \Longrightarrow \gamma & \otimes\text{L}
\end{array}
\]

(b) $\mathcal{E}$ ends with a right-active rule, say:
\[
\mathcal{D} :: \Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot
\qquad
\mathcal{E} = \frac{\mathcal{E}_1 :: \Gamma, A ; \Delta ; \Omega \Longrightarrow B ; \cdot \qquad \mathcal{E}_2 :: \Gamma, A ; \Delta ; \Omega \Longrightarrow C ; \cdot}{\Gamma, A ; \Delta ; \Omega \Longrightarrow B \& C ; \cdot}\ \&\text{R}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \Longrightarrow B ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_1 \\
\Gamma ; \Delta ; \Omega \Longrightarrow C ; \cdot & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_2 \\
\Gamma ; \Delta ; \Omega \Longrightarrow B \& C ; \cdot & \&\text{R}
\end{array}
\]

(c) $\mathcal{E}$ ends in a right-focal rule, say:
\[
\mathcal{D} :: \Gamma ; \cdot ; \cdot \Longrightarrow A ; \cdot
\qquad
\mathcal{E} = \frac{\mathcal{E}_1 :: \Gamma, A ; \Delta_1 \gg B \qquad \mathcal{E}_2 :: \Gamma, A ; \Delta_2 \gg C}{\Gamma, A ; \Delta_1, \Delta_2 \gg B \otimes C}\ \otimes\text{R}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta_1 \gg B & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_1 \\
\Gamma ; \Delta_2 \gg C & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}_2 \\
\Gamma ; \Delta_1, \Delta_2 \gg B \otimes C & \otimes\text{R}
\end{array}
\]
Right-commutative cuts. Where the cut formula is a side-formula on the right.

Case. $\mathcal{D}$ ends in a left-active rule, say:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta ; \Omega \cdot B \cdot C \cdot \Omega' \Longrightarrow A ; \cdot}{\Gamma ; \Delta ; \Omega \cdot B \otimes C \cdot \Omega' \Longrightarrow A ; \cdot}\ \otimes\text{L}
\]
Subcase. $\mathcal{E} :: \Gamma ; \Delta' ; \Omega_A \cdot A \cdot \Omega'_A \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega_A \cdot \Omega \cdot B \cdot C \cdot \Omega' \cdot \Omega'_A \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \\
\Gamma ; \Delta, \Delta' ; \Omega_A \cdot \Omega \cdot B \otimes C \cdot \Omega' \cdot \Omega'_A \Longrightarrow \gamma & \otimes\text{L}
\end{array}
\]
Subcase. $\mathcal{E} :: \Gamma ; \Delta', A ; \Omega_A \Longrightarrow \gamma$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; \Omega_A \cdot \Omega \cdot B \cdot C \cdot \Omega' \Longrightarrow \gamma & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \\
\Gamma ; \Delta, \Delta' ; \Omega_A \cdot \Omega \cdot B \otimes C \cdot \Omega' \Longrightarrow \gamma & \otimes\text{L}
\end{array}
\]
Subcase. Any case where $A$ is in the unrestricted zone in the conclusion of $\mathcal{E}$ is impossible, as there are linear resources in the conclusion of $\mathcal{D}$.

Cases where the right hand side of the conclusion of $\mathcal{D}$ is of the form $\cdot ; A$ are similar.

Case. $\mathcal{D} :: \Gamma ; \Delta' \gg A$ is not a right-commutative case, as $A$ is not a side-formula in this derivation.

Case. The only remaining case is where the conclusion of $\mathcal{D}$ is a neutral sequent, i.e., $\mathcal{D} :: \Gamma ; \Delta ; \cdot \Longrightarrow \cdot ; A$. By the structure of sequents, it follows that $A$ is right-synchronous. There are only two cases to consider.

Subcase $A$ is a left-biased atom and the last rule in $\mathcal{D}$ is rfoc. In this case $A$ is not a side-formula, so this is not a right-commutative case.

Subcase The last rule in $\mathcal{D}$ is lfoc:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta ; P \ll A}{\Gamma ; \Delta, P ; \cdot \Longrightarrow \cdot ; A}\ \text{lfoc}
\]
In this case, the strategy is to permute the cut upwards in $\mathcal{E}$.

Subcase $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \cdot A \cdot \Omega' \Longrightarrow \gamma$ and $A$ is not the principal formula in the last rule of $\mathcal{E}$. For example:
\[
\mathcal{E} = \frac{\mathcal{E}'' :: \Gamma ; \Delta' ; \Omega \cdot B \cdot C \cdot \Omega' \cdot A \cdot \Omega'' \Longrightarrow \gamma}{\Gamma ; \Delta' ; \Omega \cdot B \otimes C \cdot \Omega' \cdot A \cdot \Omega'' \Longrightarrow \gamma}\ \otimes\text{L}
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, P, \Delta' ; \Omega \cdot B \cdot C \cdot \Omega' \cdot \Omega'' \Longrightarrow \gamma & \text{cut on } \mathcal{D} \text{ and } \mathcal{E}'' \\
\Gamma ; \Delta, P, \Delta' ; \Omega \cdot B \otimes C \cdot \Omega' \cdot \Omega'' \Longrightarrow \gamma & \otimes\text{L}
\end{array}
\]

Subcase $\mathcal{E} :: \Gamma ; \Delta' ; \Omega \cdot A \cdot \Omega' \Longrightarrow \gamma$, and $A$ is the principal formula. If $\Omega$ and $\Omega'$ are not both empty, or $\gamma$ is of the form $C ; \cdot$, then there is a similar derivation where $A$ is not the principal formula and we are back in the previous case. Thus, we only need to consider the case where $\mathcal{E} :: \Gamma ; \Delta' ; A \Longrightarrow \cdot ; Q$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; P \ll Q & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \text{ (type 5)} \\
\Gamma ; \Delta, \Delta', P ; \cdot \Longrightarrow \cdot ; Q & \text{lfoc}
\end{array}
\]

Subcase $\mathcal{E} :: \Gamma ; \Delta', A ; \Omega \Longrightarrow \gamma$. If $\Omega$ is non-empty or $\gamma$ is of the form $C ; \cdot$, then we are in a similar situation to the first subcase. Thus, the only interesting case is where $\mathcal{E} :: \Gamma ; \Delta', A ; \cdot \Longrightarrow \cdot ; Q$.
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; P \ll Q & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \text{ (type 5)} \\
\Gamma ; \Delta, \Delta', P ; \cdot \Longrightarrow \cdot ; Q & \text{lfoc}
\end{array}
\]


Type 5 cuts. We have now completed the inventory of all cuts except those of type 5. For these cuts, we recurse into the first derivation $\mathcal{D} :: \Gamma ; \Delta ; B \ll A$. The following are the key cases.

Case $\mathcal{D}$ ends with lb or lb$^*$. For example, for lb,
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta ; L \Longrightarrow \cdot ; A}{\Gamma ; \Delta ; L \ll A}\ \text{lb}
\qquad
\mathcal{E} :: \Gamma ; \Delta' ; A \Longrightarrow \cdot ; Q
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; L \Longrightarrow \cdot ; Q & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \text{ (}\mathcal{D}' \text{ smaller)} \\
\Gamma ; \Delta, \Delta' ; L \ll Q & \text{lb}
\end{array}
\]
The case for $\mathcal{E} :: \Gamma ; \Delta', A ; \cdot \Longrightarrow \cdot ; Q$ is similar.

Case $\mathcal{D}$ ends with a left-focal rule. For example:
\[
\mathcal{D} = \frac{\mathcal{D}' :: \Gamma ; \Delta ; B \ll A}{\Gamma ; \Delta ; B \& C \ll A}\ \&\text{L}_1
\qquad
\mathcal{E} :: \Gamma ; \Delta' ; A \Longrightarrow \cdot ; Q
\]
\[
\begin{array}{ll}
\Gamma ; \Delta, \Delta' ; B \ll Q & \text{cut on } \mathcal{D}' \text{ and } \mathcal{E} \text{ (type 5, with } \mathcal{D}' \text{ smaller)} \\
\Gamma ; \Delta, \Delta' ; B \& C \ll Q & \&\text{L}_1
\end{array}
\]
Once again, the case for $\mathcal{E} :: \Gamma ; \Delta', A ; \cdot \Longrightarrow \cdot ; Q$ is similar. □


We will use the cut theorem to show that all rules of the non-focusing calculus are admissible in the focusing calculus by interpreting the non-focusing sequents as active sequents. To achieve this, we first need the equivalent of the identity principle for the focusing calculus: $\Gamma ; \cdot ; A \Longrightarrow A ; \cdot$. In the focusing calculus this is not a straightforward induction because of the occurrence restrictions on focal sequents. To illustrate, $\Delta$ in $\Gamma ; \Delta \gg A$ cannot contain any left-asynchronous propositions, so the proof of $\Gamma ; \cdot ; A \otimes B \Longrightarrow A \otimes B ; \cdot$ is not simply a proof of $\Gamma ; A \otimes B \gg A \otimes B$. We generalise the induction by furnishing a proof in terms of an expansion of these asynchronous propositions.

Definition 6.8 (Expansion).

1. The left-expansion of a proposition $A$, written $\mathrm{lexp}(A)$, is a set of two-zoned contexts defined inductively by the following equations.
\[
\begin{array}{rcl}
\mathrm{lexp}(P) & = & \{(\cdot ; P)\} \\
\mathrm{lexp}(A \otimes B) & = & \{(\Gamma_A \cup \Gamma_B ; \Delta_A, \Delta_B) : (\Gamma_A ; \Delta_A) \in \mathrm{lexp}(A) \text{ and } (\Gamma_B ; \Delta_B) \in \mathrm{lexp}(B)\} \\
\mathrm{lexp}(1) & = & \{(\cdot ; \cdot)\} \\
\mathrm{lexp}(A \oplus B) & = & \mathrm{lexp}(A) \cup \mathrm{lexp}(B) \\
\mathrm{lexp}(0) & = & \emptyset \\
\mathrm{lexp}(!A) & = & \{(A ; \cdot)\} \\
\mathrm{lexp}(\exists x.A) & = & \mathrm{lexp}([a/x]A)
\end{array}
\]

2. The right-expansion of a proposition $A$, written $\mathrm{rexp}(A)$, is a set of elements of the form $\Gamma ; \Delta \Longrightarrow Q$ defined inductively by the following equations.
\[
\begin{array}{rcl}
\mathrm{rexp}(Q) & = & \{(\cdot ; \cdot \Longrightarrow Q)\} \\
\mathrm{rexp}(A \& B) & = & \mathrm{rexp}(A) \cup \mathrm{rexp}(B) \\
\mathrm{rexp}(\top) & = & \emptyset \\
\mathrm{rexp}(A \multimap B) & = & \{(\Gamma_A \cup \Gamma_B ; \Delta_A, \Delta_B \Longrightarrow Q) : (\Gamma_A ; \Delta_A) \in \mathrm{lexp}(A) \text{ and } (\Gamma_B ; \Delta_B \Longrightarrow Q) \in \mathrm{rexp}(B)\} \\
\mathrm{rexp}(\forall x.A) & = & \mathrm{rexp}([a/x]A)
\end{array}
\]
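The two expansion functions are easy to compute mechanically, and doing so makes the role of each clause visible. The following is an added example for this edition, not part of the thesis or its implementation: `lexp` and `rexp` of Definition 6.8 for the propositional fragment, with quantifiers omitted. Propositions are encoded as tuples such as `('atom', 'a')`, `('tensor', A, B)` or `('bang', A)`; contexts are returned with $\Gamma$ as a `frozenset` and $\Delta$ as a sorted tuple standing for a multiset, both choices of this example. The helper `identity_goals` lists the focal sequents that Theorem 6.10 below asks for.

```python
# Added example (editor's, not the thesis's code): Definition 6.8 for the
# propositional fragment (no quantifiers).  Propositions are tuples:
# ('atom','a'), ('tensor',A,B), ('one',), ('plus',A,B), ('zero',), ('bang',A),
# ('lolli',A,B), ('with',A,B), ('top',).
def atom(p): return ('atom', p)
def tensor(a, b): return ('tensor', a, b)
def plus(a, b): return ('plus', a, b)
def with_(a, b): return ('with', a, b)
def lolli(a, b): return ('lolli', a, b)
def bang(a): return ('bang', a)
ONE, ZERO, TOP = ('one',), ('zero',), ('top',)

def ctx(gamma=(), delta=()):
    """A two-zoned context (Gamma; Delta): Gamma as a frozenset, Delta as a sorted
    tuple so that multisets compare equal regardless of construction order."""
    return (frozenset(gamma), tuple(sorted(delta)))

def lexp(A):
    """Left-expansion: the set of (Gamma; Delta) that A decomposes into on the left."""
    k = A[0]
    if k == 'tensor':      # product of the two expansions, zones merged
        return {ctx(GB | GC, DB + DC)
                for GB, DB in lexp(A[1]) for GC, DC in lexp(A[2])}
    if k == 'one':
        return {ctx()}
    if k == 'plus':        # union: each branch of (+)L is a separate context
        return lexp(A[1]) | lexp(A[2])
    if k == 'zero':        # 0L closes the branch, so there is nothing to prove
        return set()
    if k == 'bang':        # !L moves the operand to the unrestricted zone
        return {ctx(gamma=[A[1]])}
    return {ctx(delta=[A])}   # left-synchronous P (atom, &, T, -o) stays in Delta

def rexp(A):
    """Right-expansion: the set of (Gamma; Delta => Q) that A decomposes into on the right."""
    k = A[0]
    if k == 'with':
        return rexp(A[1]) | rexp(A[2])
    if k == 'top':
        return set()
    if k == 'lolli':       # antecedent expands on the left, consequent on the right
        return {ctx(GB | GC, DB + DC) + (Q,)
                for GB, DB in lexp(A[1]) for GC, DC, Q in rexp(A[2])}
    return {ctx() + (A,)}     # right-synchronous Q

def identity_goals(A):
    """The focal sequents Theorem 6.10 requires for A: Gamma; Delta >> A for each
    member of lexp(A), and Gamma; Delta; A << Q for each member of rexp(A)."""
    return ([('rfocal', G, D, A) for G, D in lexp(A)] +
            [('lfocal', G, D, A, Q) for G, D, Q in rexp(A)])
```

For `a, b, c = atom('a'), atom('b'), atom('c')`, `lexp(tensor(plus(a, b), bang(c)))` yields the two contexts $(c ; a)$ and $(c ; b)$, one per branch of $\oplus$L with $c$ promoted to $\Gamma$ by $!$L, and `rexp(lolli(bang(a), with_(b, c)))` yields $(a ; \cdot \Longrightarrow b)$ and $(a ; \cdot \Longrightarrow c)$. For $A \otimes B$ the identity goals are $\cdot ; A, B \gg A \otimes B$ and $\cdot ; \cdot ; A \otimes B \ll A \otimes B$, which is exactly why the focal sequent $\Gamma ; A \otimes B \gg A \otimes B$ mentioned above never has to be proved.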


This definition is associated with a key expansion lemma.

Lemma 6.9 (Expansion lemma). For any proposition $A$:

1. For any $\Gamma$, $\Delta$, $\Omega$ and $\gamma$, if for every $(\Gamma' ; \Delta') \in \mathrm{lexp}(A)$ the sequent $\Gamma, \Gamma' ; \Delta, \Delta' ; \Omega \Longrightarrow \gamma$ is derivable, then $\Gamma ; \Delta ; \Omega \cdot A \Longrightarrow \gamma$.

2. For any $\Gamma$, $\Delta$ and $\Omega$, if for every $(\Gamma' ; \Delta' \Longrightarrow Q') \in \mathrm{rexp}(A)$ the sequent $\Gamma, \Gamma' ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q'$ is derivable, then $\Gamma ; \Delta ; \Omega \Longrightarrow A ; \cdot$.


Proof. By induction on the structure of $A$. We present here some of the key cases.

Case of $A$ left-asynchronous, say $B \otimes C$, and arguing for $\mathrm{lexp}(A)$. Let $\Gamma$, $\Delta$, $\Omega$ and $\gamma$ be given and assume that for every $(\Gamma' ; \Delta') \in \mathrm{lexp}(B \otimes C)$, $\Gamma, \Gamma' ; \Delta, \Delta' ; \Omega \Longrightarrow \gamma$. By definition 6.8, every such $(\Gamma' ; \Delta')$ has the form $(\Gamma'_B \cup \Gamma'_C ; \Delta'_B, \Delta'_C)$ with $(\Gamma'_B ; \Delta'_B) \in \mathrm{lexp}(B)$ and $(\Gamma'_C ; \Delta'_C) \in \mathrm{lexp}(C)$. Fix any $(\Gamma'_C ; \Delta'_C) \in \mathrm{lexp}(C)$.
\[
\begin{array}{ll}
\Gamma, \Gamma'_C ; \Delta, \Delta'_C ; \Omega \cdot B \Longrightarrow \gamma & \text{i.h. for } B \text{ with } (\Gamma, \Gamma'_C), (\Delta, \Delta'_C) \text{ and } \Omega \\
\Gamma ; \Delta ; \Omega \cdot B \cdot C \Longrightarrow \gamma & \text{i.h. for } C \text{ with } \Gamma, \Delta \text{ and } (\Omega \cdot B) \\
\Gamma ; \Delta ; \Omega \cdot B \otimes C \Longrightarrow \gamma & \otimes\text{L}
\end{array}
\]
The second step is justified because the first line holds for every choice of $(\Gamma'_C ; \Delta'_C)$, so the conclusion is independent of that choice. Other cases of $\mathrm{lexp}(A)$ with $A$ left-asynchronous have similar arguments.

Case of $A = P$ and arguing for $\mathrm{lexp}(A)$. In this case, the only $(\Gamma' ; \Delta') \in \mathrm{lexp}(A)$ is $(\cdot ; P)$.
\[
\begin{array}{ll}
\Gamma ; \Delta, P ; \Omega \Longrightarrow \gamma & \text{assumption} \\
\Gamma ; \Delta ; \Omega \cdot P \Longrightarrow \gamma & \text{lact}
\end{array}
\]
This completes the inventory of cases for $\mathrm{lexp}$.

Case of $A = B \& C$ and arguing for $\mathrm{rexp}(A)$. Let $\Gamma$, $\Delta$ and $\Omega$ be given and assume that for every $(\Gamma' ; \Delta' \Longrightarrow Q') \in \mathrm{rexp}(B \& C)$, $\Gamma, \Gamma' ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q'$. By definition 6.8, $\mathrm{rexp}(B \& C) = \mathrm{rexp}(B) \cup \mathrm{rexp}(C)$, so the outer quantification also holds for each component of the union; i.e., for every $(\Gamma' ; \Delta' \Longrightarrow Q') \in \mathrm{rexp}(B)$, $\Gamma, \Gamma' ; \Delta, \Delta' ; \Omega \Longrightarrow \cdot ; Q'$, and similarly for $\mathrm{rexp}(C)$.
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \Longrightarrow B ; \cdot & \text{i.h. on } B, \Gamma, \Delta \text{ and } \Omega \\
\Gamma ; \Delta ; \Omega \Longrightarrow C ; \cdot & \text{i.h. on } C, \Gamma, \Delta \text{ and } \Omega \\
\Gamma ; \Delta ; \Omega \Longrightarrow B \& C ; \cdot & \&\text{R}
\end{array}
\]
Other cases for $\mathrm{rexp}(A)$ with $A$ right-asynchronous have similar arguments.

Case of $A = Q$ and arguing for $\mathrm{rexp}(A)$. In this case, the only $(\Gamma' ; \Delta' \Longrightarrow Q') \in \mathrm{rexp}(A)$ is $(\cdot ; \cdot \Longrightarrow Q)$.
\[
\begin{array}{ll}
\Gamma ; \Delta ; \Omega \Longrightarrow \cdot ; Q & \text{assumption} \\
\Gamma ; \Delta ; \Omega \Longrightarrow Q ; \cdot & \text{ract}
\end{array}
\]
This completes the inventory of all cases for $\mathrm{rexp}(A)$. □


We use the expansion lemma to establish the key theorem that will give us the identity principle as a corollary.

Theorem 6.10.

1. For any proposition $A$, for every $(\Gamma\,;\Delta) \in \mathrm{lexp}(A)$, we can show $\Gamma\,;\Delta \gg A$.

2. For any proposition $A$, for every $(\Gamma\,;\Delta \Rightarrow Q) \in \mathrm{rexp}(A)$, we can show $\Gamma\,;\Delta\,;A \ll Q$.

Proof. By structural induction on $A$ and the definition of $\mathrm{lexp}$ and $\mathrm{rexp}$ (defn. 6.8). In the inductive argument, the case for $\mathrm{rexp}(Q)$ where $Q$ is non-atomic can be used in the argument for $\mathrm{lexp}(Q)$ (and the case for $\mathrm{lexp}(P)$ in the argument for $\mathrm{rexp}(P)$, similarly). This order is well-founded because there are only finitely many phase changes between synchronous and asynchronous subformulas in a given proposition. We show below some of the key cases of the induction.


Case of $\mathrm{lexp}(A \otimes B)$: every $(\Gamma\,;\Delta) \in \mathrm{lexp}(A \otimes B)$ is of the form $(\Gamma_A \cup \Gamma_B\,;\Delta_A,\Delta_B)$ where $(\Gamma_A\,;\Delta_A) \in \mathrm{lexp}(A)$ and $(\Gamma_B\,;\Delta_B) \in \mathrm{lexp}(B)$.
\[
\begin{array}{ll}
\Gamma_A\,;\Delta_A \gg A & \text{i.h.}\\
\Gamma_A \cup \Gamma_B\,;\Delta_A \gg A & \text{weakening (thm. 6.3)}\\
\Gamma_A \cup \Gamma_B\,;\Delta_B \gg B & \text{similarly}\\
\Gamma_A \cup \Gamma_B\,;\Delta_A,\Delta_B \gg A \otimes B & \otimes R
\end{array}
\]
All inductive cases of $\mathrm{lexp}$ are similar.

Case of $\mathrm{rexp}(A \mathbin{\&} B)$: let $(\Gamma\,;\Delta \Rightarrow Q) \in \mathrm{rexp}(A \mathbin{\&} B)$ be given. By defn. 6.8 we have (without loss of generality) $(\Gamma\,;\Delta \Rightarrow Q) \in \mathrm{rexp}(A)$.
\[
\begin{array}{ll}
\Gamma\,;\Delta\,;A \ll Q & \text{i.h.}\\
\Gamma\,;\Delta\,;A \mathbin{\&} B \ll Q & \mathbin{\&}L_1
\end{array}
\]
The other inductive cases of $\mathrm{rexp}$ are similar.

Case of $\mathrm{lexp}(Q)$: there are three sub-cases here.

Subcase $Q$ is a left-biased atomic proposition $p(t)$. By rinit, $\cdot\,;p(t) \gg p(t)$.

Subcase $Q$ is a right-biased atomic proposition $p(t)$.
\[
\begin{array}{ll}
\cdot\,;\cdot\,;p(t) \ll p(t) & \text{linit}\\
\cdot\,;p(t)\,;\cdot \Rightarrow \cdot\,;p(t) & \text{lfoc}\\
\cdot\,;p(t) \gg p(t) & \text{rb}
\end{array}
\]

Subcase $Q$ is a non-atomic proposition. Because it is left-synchronous, it is right-asynchronous.
\[
\begin{array}{ll}
\text{For every } (\Gamma\,;\Delta \Rightarrow Q') \in \mathrm{rexp}(Q),\ \Gamma\,;\Delta\,;Q \ll Q' & \text{i.h. (type 2)}\\
\text{For every } (\Gamma\,;\Delta \Rightarrow Q') \in \mathrm{rexp}(Q),\ \Gamma\,;\Delta,Q\,;\cdot \Rightarrow \cdot\,;Q' & \text{lfoc}\\
\cdot\,;Q\,;\cdot \Rightarrow Q\,;\cdot & \text{expansion lemma (lem. 6.9, part 2)}\\
\cdot\,;Q \gg Q & \text{rb}
\end{array}
\]

The case of $\mathrm{rexp}(P)$ is similar. $\square$


Corollary 6.11 (Identity principle).

For any proposition $A$, the sequent $\cdot\,;\cdot\,;A \Rightarrow A\,;\cdot$ is derivable.

Proof. Suppose $A$ is right-synchronous, i.e., of the form $Q$. There are three cases here.

Case $A$ is a right-biased atomic proposition $p(t)$.
\[
\begin{array}{ll}
\cdot\,;\cdot\,;p(t) \ll p(t) & \text{linit}\\
\cdot\,;p(t)\,;\cdot \Rightarrow \cdot\,;p(t) & \text{lfoc}\\
\cdot\,;\cdot\,;p(t) \Rightarrow p(t)\,;\cdot & \text{lact and ract}
\end{array}
\]

Case $A$ is a left-biased atomic proposition $p(t)$.
\[
\begin{array}{ll}
\cdot\,;p(t) \gg p(t) & \text{rinit}\\
\cdot\,;p(t)\,;\cdot \Rightarrow \cdot\,;p(t) & \text{rfoc}\\
\cdot\,;\cdot\,;p(t) \Rightarrow p(t)\,;\cdot & \text{lact and ract}
\end{array}
\]

Case $A$ is non-atomic.
\[
\begin{array}{ll}
\text{For every } (\Gamma\,;\Delta) \in \mathrm{lexp}(A),\ \Gamma\,;\Delta \gg A & \text{theorem 6.10}\\
\text{For every } (\Gamma\,;\Delta) \in \mathrm{lexp}(A),\ \Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;A & \text{rfoc}\\
\cdot\,;\cdot\,;A \Rightarrow \cdot\,;A & \text{expansion lemma (lem. 6.9, part 1)}\\
\cdot\,;\cdot\,;A \Rightarrow A\,;\cdot & \text{ract}
\end{array}
\]
(The rfoc step is allowed because $A$ is non-atomic and right-synchronous, hence focile.)

The case of $A$ being left-synchronous has a similar argument. $\square$

This specific statement of the identity principle will not be used in the completeness proof below; instead, we will use a slightly different formulation.

Lemma 6.12. The following are derivable (for arbitrary $\Gamma$, $A$ and $B$):

1. $\Gamma\,;\cdot\,;A \cdot B \Rightarrow A \otimes B\,;\cdot$

2. $\Gamma\,;\cdot\,;\cdot \Rightarrow 1\,;\cdot$

3. $\Gamma\,;\cdot\,;A \Rightarrow A \oplus B\,;\cdot$ and $\Gamma\,;\cdot\,;B \Rightarrow A \oplus B\,;\cdot$

4. $\Gamma,A\,;\cdot\,;\cdot \Rightarrow\ !A\,;\cdot$

5. $\Gamma\,;\cdot\,;[a/x]A \Rightarrow \exists x.A\,;\cdot$

6. $\Gamma\,;\cdot\,;A \mathbin{\&} B \Rightarrow A\,;\cdot$ and $\Gamma\,;\cdot\,;A \mathbin{\&} B \Rightarrow B\,;\cdot$

7. $\Gamma\,;\cdot\,;A \cdot A \multimap B \Rightarrow B\,;\cdot$

8. $\Gamma\,;\cdot\,;\forall x.A \Rightarrow [a/x]A\,;\cdot$

Proof. Each case is a simple consequence of the identity principle (cor. 6.11). The following is a representative case, for $A \otimes B$.
\[
\begin{array}{ll}
\Gamma\,;\cdot\,;A \otimes B \Rightarrow A \otimes B\,;\cdot & \text{cor. 6.11 and weakening (thm. 6.3)}
\end{array}
\]
There are two rules that can conclude this sequent: ract or $\otimes L$. In the former case,
\[
\begin{array}{ll}
\Gamma\,;\cdot\,;A \otimes B \Rightarrow \cdot\,;A \otimes B & \text{premiss of ract}\\
\Gamma\,;\cdot\,;A \cdot B \Rightarrow \cdot\,;A \otimes B & \text{premiss of } \otimes L \text{ (only possible rule)}\\
\Gamma\,;\cdot\,;A \cdot B \Rightarrow A \otimes B\,;\cdot & \text{ract}
\end{array}
\]
In the latter case, the premiss is already of the required form $\Gamma\,;\cdot\,;A \cdot B \Rightarrow A \otimes B\,;\cdot$. The remaining cases use similar arguments. $\square$

Theorem 6.13 (Completeness).

If $\Gamma\,;\Delta \Longrightarrow C$ and $\Omega$ is any serialisation of $\Delta$, then $\Gamma\,;\cdot\,;\Omega \Rightarrow C\,;\cdot$.

Proof. First we show that all ordinary rules are admissible in the focusing system using cut. We then proceed by induction on the derivation $\mathcal{D} :: \Gamma\,;\Delta \Longrightarrow C$, splitting cases on the last applied rule, using cut and lemmas 6.4 and 6.12 as required. The following is a representative case, for $\otimes R$:
\[
\mathcal{D} = \quad
\dfrac{\mathcal{D}_1 :: \Gamma\,;\Delta \Longrightarrow A \qquad \mathcal{D}_2 :: \Gamma\,;\Delta' \Longrightarrow B}{\Gamma\,;\Delta,\Delta' \Longrightarrow A \otimes B}\ \otimes R
\]
Let $\Omega$ and $\Omega'$ be serialisations of $\Delta$ and $\Delta'$ respectively.
\[
\begin{array}{ll}
\Gamma\,;\cdot\,;\Omega \Rightarrow A\,;\cdot & \text{i.h. on } \mathcal{D}_1\\
\Gamma\,;\cdot\,;\Omega' \Rightarrow B\,;\cdot & \text{i.h. on } \mathcal{D}_2\\
\Gamma\,;\cdot\,;A \cdot B \Rightarrow A \otimes B\,;\cdot & \text{lem. 6.12 and weakening (thm. 6.3)}\\
\Gamma\,;\cdot\,;\Omega \cdot \Omega' \Rightarrow A \otimes B\,;\cdot & \text{cut twice}
\end{array}
\]
Any serialisation of $\Delta,\Delta'$ is a permutation of $\Omega \cdot \Omega'$. $\square$

As a remark, once we have cut and the identity principle, the proof of completeness is extremely straightforward. There are other proofs of completeness of focusing calculi in the literature that do not use cut-elimination as a basis. Andreoli's original proof of completeness for a classical focusing calculus used a number of permutation arguments for rules. Howe's extension of focusing to intuitionistic and linear logics divided each case of Andreoli's permutation argument into a number of lemmas [57]. Each of Howe's lemmas actually bears a strong resemblance to one of the commutative cases of cut, though a precise correspondence is hard to state given the dissimilarities of the two calculi. We believe that cut and identity, independent of their use in proving completeness, are sufficiently interesting in and of themselves, as they substantiate the logical basis of focusing. Similar notions of cut and cut-admissibility also exist in Ludics [44], though our calculus and Ludics are philosophically dissimilar enough that we cannot simply import the cut-admissibility argument from Ludics. Rather, we choose to view our proof of cut-admissibility as belonging to a different tradition which sometimes goes by the keyphrase "structural cut-elimination" [92].


6.2  Forward  focusing 

As mentioned earlier, the primary benefit of focusing is the ability to generate derived "big step" inference rules: the intermediate results of a focusing or active phase are not important. Andreoli called these rules "bipoles" because they combine two phases with principal formulas of opposite polarities. Each derived rule starts (at the bottom) with a neutral sequent from which a synchronous proposition is selected for focus. This is followed by a sequence of focusing steps until the proposition under focus becomes asynchronous. Then the active rules are applied, and we eventually obtain a collection of neutral sequents as the leaves of this fragment of the focused derivation. These neutral sequents are then treated as the premisses of the derived rule that produces the neutral sequent with which we started.


The derived rule calculus will be formally presented in sec. 6.2.2; here, we motivate it with an example. Consider the negative proposition $q \otimes n \multimap d \otimes d \otimes d$ in the unrestricted context $\Gamma$.³ We start with focus on this proposition and construct the following derivation tree (writing the neutral sequent $\Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;Q$ as $\Gamma\,;\Delta \Rightarrow Q$).
\[
\infer[\text{copy}]{\Gamma\,;\Delta_1,\Delta_2,\Delta_3 \Rightarrow Q}{
  \infer[\multimap L]{\Gamma\,;\Delta_1,\Delta_2,\Delta_3\,;\,q \otimes n \multimap d \otimes d \otimes d \ll Q}{
    \infer[\otimes R]{\Gamma\,;\Delta_1,\Delta_2 \gg q \otimes n}{
      \infer[\text{rb}]{\Gamma\,;\Delta_1 \gg q}{\Gamma\,;\Delta_1 \Rightarrow q}
      &
      \infer[\text{rb}]{\Gamma\,;\Delta_2 \gg n}{\Gamma\,;\Delta_2 \Rightarrow n}
    }
    &
    \infer[\text{lb}]{\Gamma\,;\Delta_3\,;\,d \otimes d \otimes d \ll Q}{
      \infer[\otimes L;\ \otimes L;\ \text{lact} \times 3]{\Gamma\,;\Delta_3\,;\,d \otimes d \otimes d \Rightarrow \cdot\,;Q}{\Gamma\,;\Delta_3,d,d,d \Rightarrow Q}
    }
  }
}
\]
Here we assume that all atoms are right-biased, so none of the branches of the derivation can be closed off with an "init" rule. Thus, we obtain the derived rule:
\[
\infer[(D_1)]{\Gamma\,;\Delta_1,\Delta_2,\Delta_3 \Rightarrow Q}{\Gamma\,;\Delta_1 \Rightarrow q & \Gamma\,;\Delta_2 \Rightarrow n & \Gamma\,;\Delta_3,d,d,d \Rightarrow Q}
\]


The situation is considerably different if we assume that all atoms are left-biased. In this case, we get the following derivation:
\[
\infer[\text{copy}]{\Gamma\,;q,n,\Delta \Rightarrow Q}{
  \infer[\multimap L]{\Gamma\,;q,n,\Delta\,;\,q \otimes n \multimap d \otimes d \otimes d \ll Q}{
    \infer[\otimes R]{\Gamma\,;q,n \gg q \otimes n}{
      \infer[\text{rinit}]{\Gamma\,;q \gg q}{}
      &
      \infer[\text{rinit}]{\Gamma\,;n \gg n}{}
    }
    &
    \infer[\text{lb}]{\Gamma\,;\Delta\,;\,d \otimes d \otimes d \ll Q}{
      \infer[\otimes L;\ \otimes L;\ \text{lact} \times 3]{\Gamma\,;\Delta\,;\,d \otimes d \otimes d \Rightarrow \cdot\,;Q}{\Gamma\,;\Delta,d,d,d \Rightarrow Q}
    }
  }
}
\]
In this left-biased case, we can terminate the left branch of the derivation with a pair of "init" rules. This forces the linear context in this branch of the proof to contain just the atoms $q$ and $n$. The derived rule we obtain is, therefore,
\[
\infer[(D_2)]{\Gamma\,;\Delta,q,n \Rightarrow Q}{\Gamma\,;\Delta,d,d,d \Rightarrow Q}
\]


There are two key differences to observe between the derived rules $(D_1)$ and $(D_2)$. The first is that simply altering the bias of the atoms has a huge impact on the kinds of rules that are generated; even if we completely ignore the semantic aspect, the rule $(D_2)$ is vastly preferable to $(D_1)$ because single-premiss rules are much easier to use.

³ This is the same change-machine example from sec. 3.2.1.

The second, and more important, observation is that the rule generated for the left-biased atoms has a stronger and more obvious similarity to the proposition $q \otimes n \multimap d \otimes d \otimes d$ that was under focus. If we view the linear zone as the "state" of a system, then the rule $(D_2)$ corresponds to transforming a portion of the state by replacing $q$ and $n$ by three $d$s (reading the rule from bottom to top). If, as is common for linear logic, the unrestricted context $\Gamma$ contains state transition rules for some encoding of a stateful system, then the derived rules generated by left-biasing allow us to directly observe the evolution of the state of the system by looking at the composition of the linear zone.


We now construct the forward version of the focusing calculus. The general design is that intermediate sequents in the eager active and focusing phases are not stored in any sequent database; instead, all sequents constructed during search are neutral sequents at the phase boundaries. This is achieved by first precomputing the derived rules that correspond to the frontier literals (see defn. 6.24) of the goal sequent.


6.2.1  Backward  derived  rules 


For any given proposition, we are interested in constructing a derived inference rule for the proposition corresponding to a single pair of focusing and active phases. There are, however, important differences between backward reasoning bipoles and their forward analogue. As shown in the proofs of completeness for forward calculi (for example, theorem 3.11), forward sequents generally have fewer components than backward sequents; as forward rules have tight matching criteria, a stronger sequent will often fail to match an inference rule. The intent of this section is to transfer the idea of bipoles to forward derived rules. The details, particularly the proof of completeness (thm. 6.23), turn out to be surprisingly subtle, so for presentation purposes we first recall the backward construction of bipoles.


The essential idea is to interpret a proposition itself as the (derived) rules that it embodies. Every proposition is viewed as a relation between the conclusion of the rule and its premisses at the leaves of the bipole. Both the conclusion and the premisses of this bipole are neutral sequents, which we indicate by means of a double-headed sequent arrow ($\Rrightarrow$). Given a neutral conclusion $\Gamma\,;\Delta \Rrightarrow Q$, one proposition from $\Gamma$, $\Delta$ or $Q$ is selected for focus, and the relational interpretation of the conclusion with respect to the selected proposition provides the new (neutral) premisses of the bipole.

Figure 6.2: backward derived rules: focal phase

Right-focal ($\mathrm{foc}_r$):
\[
\infer[\text{rinit } (p \text{ left-biased})]{\mathrm{foc}_r(p)[\Gamma\,;p \Rrightarrow \cdot] \hookrightarrow \cdot}{}
\qquad
\infer[1F]{\mathrm{foc}_r(1)[\Gamma\,;\cdot \Rrightarrow \cdot] \hookrightarrow \cdot}{}
\]
\[
\infer[\otimes F]{\mathrm{foc}_r(A \otimes B)[\Gamma\,;\Delta_1,\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 \cdot \Sigma_2}{\mathrm{foc}_r(A)[\Gamma\,;\Delta_1 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 & \mathrm{foc}_r(B)[\Gamma\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_2}
\]
\[
\infer[\oplus F_i]{\mathrm{foc}_r(A_1 \oplus A_2)[s] \hookrightarrow \Sigma}{\mathrm{foc}_r(A_i)[s] \hookrightarrow \Sigma}
\qquad
\infer[!F]{\mathrm{foc}_r(!A)[\Gamma\,;\cdot \Rrightarrow \cdot] \hookrightarrow \Sigma}{\mathrm{act}(\cdot\,;\cdot\,;\cdot \Rightarrow A)[\Gamma\,;\cdot \Rrightarrow \cdot] \hookrightarrow \Sigma}
\]
\[
\infer[\exists F]{\mathrm{foc}_r(\exists x.A)[\Gamma\,;\Delta \Rrightarrow \cdot] \hookrightarrow \Sigma}{\mathrm{foc}_r([t/x]A)[\Gamma\,;\Delta \Rrightarrow \cdot] \hookrightarrow \Sigma}
\qquad
\infer[FA\ (R \text{ right-asynchronous})]{\mathrm{foc}_r(R)[s] \hookrightarrow \Sigma}{\mathrm{act}(\cdot\,;\cdot\,;\cdot \Rightarrow R)[s] \hookrightarrow \Sigma}
\]

Left-focal ($\mathrm{foc}_l$):
\[
\infer[\text{linit } (p \text{ right-biased})]{\mathrm{foc}_l(p)[\Gamma\,;\cdot \Rrightarrow p] \hookrightarrow \cdot}{}
\qquad
\infer[\mathbin{\&}F_i]{\mathrm{foc}_l(A_1 \mathbin{\&} A_2)[s] \hookrightarrow \Sigma}{\mathrm{foc}_l(A_i)[s] \hookrightarrow \Sigma}
\]
\[
\infer[\multimap F]{\mathrm{foc}_l(A \multimap B)[\Gamma\,;\Delta_1,\Delta_2 \Rrightarrow Q] \hookrightarrow \Sigma_1 \cdot \Sigma_2}{\mathrm{foc}_l(B)[\Gamma\,;\Delta_1 \Rrightarrow Q] \hookrightarrow \Sigma_1 & \mathrm{foc}_r(A)[\Gamma\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_2}
\]
\[
\infer[\forall F]{\mathrm{foc}_l(\forall x.A)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow \Sigma}{\mathrm{foc}_l([t/x]A)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow \Sigma}
\qquad
\infer[FA\ (L \text{ left-asynchronous})]{\mathrm{foc}_l(L)[s] \hookrightarrow \Sigma}{\mathrm{act}(\cdot\,;\cdot\,;L \Rightarrow \cdot)[s] \hookrightarrow \Sigma}
\]

There are three important classes of these relational interpretations:

1. Right focal relations for the focus formula $A$, written $\mathrm{foc}_r(A)$.

2. Left focal relations for the focus formula $A$, written $\mathrm{foc}_l(A)$.

3. Active relations, written $\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \varepsilon)$, where $\varepsilon$ is either $\cdot$ or a proposition $C$.

Each relation $R$ takes as input the conclusion sequent $s$ and produces a sequence of premiss sequents $\Sigma = s_1 \cdot s_2 \cdots s_n$; we write this as $R[s] \hookrightarrow \Sigma$.

These relations are defined in fig. 6.2 and 6.3. The focal relations are understood as defining derived rules corresponding to a given proposition. If in a neutral sequent $\Gamma\,;\Delta \Rrightarrow Q$ we focus on the right, then $\mathrm{foc}_r(Q)$ relates this sequent to the possible premisses in the entire bipole.
\[
\infer[\mathrm{foc}_r]{\Gamma\,;\Delta \Rrightarrow Q}{(\mathrm{foc}_r(Q)[\Gamma\,;\Delta \Rrightarrow \cdot] \hookrightarrow s_1 \cdot s_2 \cdots s_n) & s_1 & s_2 & \cdots & s_n}
\]
Similarly, for $\mathrm{foc}_l$ we have two rules:
\[
\infer[\mathrm{foc}_l]{\Gamma\,;\Delta,P \Rrightarrow Q}{(\mathrm{foc}_l(P)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow s_1 \cdot s_2 \cdots s_n) & s_1 & s_2 & \cdots & s_n}
\]
\[
\infer[!\mathrm{foc}_l]{\Gamma,A\,;\Delta \Rrightarrow Q}{(\mathrm{foc}_l(A)[\Gamma,A\,;\Delta \Rrightarrow Q] \hookrightarrow s_1 \cdot s_2 \cdots s_n) & s_1 & s_2 & \cdots & s_n}
\]

Figure 6.3: backward derived rules: active phase
Theorem 6.14 (soundness). Say that $\Gamma\,;\Delta \Rrightarrow Q$ is sound if $\Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;Q$ is derivable.

1. If $\mathrm{foc}_r(A)[\Gamma\,;\Delta \Rrightarrow \cdot] \hookrightarrow \Sigma$ and $\Sigma$ are sound, then $\Gamma\,;\Delta \gg A$.

2. If $\mathrm{foc}_l(A)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow \Sigma$ and $\Sigma$ are sound, then $\Gamma\,;\Delta\,;A \ll Q$.

3. If $\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \cdot)[\Gamma'\,;\Delta' \Rrightarrow Q] \hookrightarrow \Sigma$ and $\Sigma$ are sound, then $\Gamma,\Gamma'\,;\Delta,\Delta'\,;\Omega \Rightarrow \cdot\,;Q$.

4. If $\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \varepsilon)[\Gamma'\,;\Delta' \Rrightarrow \cdot] \hookrightarrow \Sigma$ and $\Sigma$ are sound, then $\Gamma,\Gamma'\,;\Delta,\Delta'\,;\Omega \Rightarrow R\,;\cdot$ or $\Gamma,\Gamma'\,;\Delta,\Delta'\,;\Omega \Rightarrow \cdot\,;Q$, depending on whether $\varepsilon = R$ or $\varepsilon = Q$.

5. If $\Gamma\,;\Delta \Rrightarrow Q$, then $\Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;Q$.

Proof sketch. The first four parts are proven by structural induction on the given rule relations $\mathrm{foc}_r$, $\mathrm{foc}_l$ and $\mathrm{act}$, where the induction hypothesis may be used whenever the focused formula or the height of the $\mathrm{act}$ derivation is smaller. Part 5 is a direct consequence of parts 1 and 2. $\square$

Theorem 6.15.

1. If $\Gamma\,;\Delta \gg A$, then for some $\Sigma$, (a) $\mathrm{foc}_r(A)[\Gamma\,;\Delta \Rrightarrow \cdot] \hookrightarrow \Sigma$, and (b) $\Sigma$ are all derivable.

2. If $\Gamma\,;\Delta\,;A \ll Q$, then for some $\Sigma$, (a) $\mathrm{foc}_l(A)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow \Sigma$, and (b) $\Sigma$ are all derivable.

3. If $\Gamma_1,\Gamma_2\,;\Delta_1,\Delta_2\,;\Omega \Rightarrow \varepsilon \uplus \gamma$ (where $\varepsilon \uplus \gamma$ means that either $\varepsilon$ or $\gamma$ is empty), then for some $\Sigma$, (a) $\mathrm{act}(\Gamma_1\,;\Delta_1\,;\Omega \Rightarrow \varepsilon)[\Gamma_2\,;\Delta_2 \Rrightarrow \gamma] \hookrightarrow \Sigma$, and (b) $\Sigma$ are all derivable.


Proof. By induction on the structure of the given backward focusing derivation $\mathcal{D}$. The following are sketches of a few representative cases.

Case $\otimes R$:
\[
\mathcal{D} = \quad
\dfrac{\mathcal{D}_1 :: \Gamma\,;\Delta_1 \gg A \qquad \mathcal{D}_2 :: \Gamma\,;\Delta_2 \gg B}{\Gamma\,;\Delta_1,\Delta_2 \gg A \otimes B}\ \otimes R
\]
\[
\begin{array}{ll}
\mathrm{foc}_r(A)[\Gamma\,;\Delta_1 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 \text{ and } \Sigma_1 \text{ are derivable} & \text{i.h. on } \mathcal{D}_1\\
\mathrm{foc}_r(B)[\Gamma\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_2 \text{ and } \Sigma_2 \text{ are derivable} & \text{i.h. on } \mathcal{D}_2
\end{array}
\]
Then note that $\mathrm{foc}_r(A \otimes B)[\Gamma\,;\Delta_1,\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 \cdot \Sigma_2$ by the definition of $\mathrm{foc}_r$.

Case $\mathbin{\&}L_1$:
\[
\mathcal{D} = \quad
\dfrac{\mathcal{D}' :: \Gamma\,;\Delta\,;A \ll Q}{\Gamma\,;\Delta\,;A \mathbin{\&} B \ll Q}\ \mathbin{\&}L_1
\]
\[
\begin{array}{ll}
\mathrm{foc}_l(A)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow \Sigma \text{ and } \Sigma \text{ are derivable} & \text{i.h. on } \mathcal{D}'
\end{array}
\]
Then note that $\mathrm{foc}_l(A \mathbin{\&} B)[\Gamma\,;\Delta \Rrightarrow Q] \hookrightarrow \Sigma$ by the definition of $\mathrm{foc}_l$.

Case $\otimes L$:
\[
\mathcal{D} = \quad
\dfrac{\mathcal{D}' :: \Gamma_1,\Gamma_2\,;\Delta_1,\Delta_2\,;\Omega \cdot A \cdot B \cdot \Omega' \Rightarrow \gamma}{\Gamma_1,\Gamma_2\,;\Delta_1,\Delta_2\,;\Omega \cdot A \otimes B \cdot \Omega' \Rightarrow \gamma}\ \otimes L
\]
Let $\gamma_1$ and $\gamma_2$ be such that $\gamma_1 \uplus \gamma_2 = \gamma$.
\[
\begin{array}{ll}
\mathrm{act}(\Gamma_1\,;\Delta_1\,;\Omega \cdot A \cdot B \cdot \Omega' \Rightarrow \gamma_1)[\Gamma_2\,;\Delta_2 \Rrightarrow \gamma_2] \hookrightarrow \Sigma \text{ and } \Sigma \text{ are derivable} & \text{i.h. on } \mathcal{D}'
\end{array}
\]
Then note that $\mathrm{act}(\Gamma_1\,;\Delta_1\,;\Omega \cdot A \otimes B \cdot \Omega' \Rightarrow \gamma_1)[\Gamma_2\,;\Delta_2 \Rrightarrow \gamma_2] \hookrightarrow \Sigma$ by the definition of $\mathrm{act}$.

Case $\mathbin{\&}R$:
\[
\mathcal{D} = \quad
\dfrac{\mathcal{D}_1 :: \Gamma_1,\Gamma_2\,;\Delta_1,\Delta_2\,;\Omega \Rightarrow A\,;\cdot \qquad \mathcal{D}_2 :: \Gamma_1,\Gamma_2\,;\Delta_1,\Delta_2\,;\Omega \Rightarrow B\,;\cdot}{\Gamma_1,\Gamma_2\,;\Delta_1,\Delta_2\,;\Omega \Rightarrow A \mathbin{\&} B\,;\cdot}\ \mathbin{\&}R
\]
\[
\begin{array}{ll}
\mathrm{act}(\Gamma_1\,;\Delta_1\,;\Omega \Rightarrow A)[\Gamma_2\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 \text{ and } \Sigma_1 \text{ are derivable} & \text{i.h. on } \mathcal{D}_1\\
\mathrm{act}(\Gamma_1\,;\Delta_1\,;\Omega \Rightarrow B)[\Gamma_2\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_2 \text{ and } \Sigma_2 \text{ are derivable} & \text{i.h. on } \mathcal{D}_2
\end{array}
\]
Then note that $\mathrm{act}(\Gamma_1\,;\Delta_1\,;\Omega \Rightarrow A \mathbin{\&} B)[\Gamma_2\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 \cdot \Sigma_2$ by the definition of $\mathrm{act}$. $\square$


Corollary 6.16 (Completeness). If $\Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;Q$ then $\Gamma\,;\Delta \Rrightarrow Q$.

Proof sketch. Straightforward application of theorem 6.15. The last rule used to derive $\Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;Q$ is one of lfoc, rfoc or copy; correspondingly, we have the derived rules $\mathrm{foc}_l$, $\mathrm{foc}_r$ and $!\mathrm{foc}_l$. $\square$


6.2.2  Forward  derived  rules 

The essential idea of adapting backward derived rules to the forward direction is fairly simple: instead of producing new goals from a given conclusion, assemble the conclusion from a collection of given premisses. While the approach may seem straightforward, there is however a fairly major difference: the forward direction does not have every proof that is possible in the backward direction. As demonstrated in thm. 3.11, the forward calculus finds stronger proofs; in particular, not all backward focusing proofs have a corresponding forward proof, because the premisses of a derived rule might not be matched in the forward direction. Consider, for instance, showing that $\cdot\,;(p \otimes q) \mathbin{\&} r \Rrightarrow \top \otimes \top$: there is no forward proof corresponding to the backward proof that begins by focusing on $(p \otimes q) \mathbin{\&} r$ on the left, because there is no forward sequent that will match the premiss of the $\mathbin{\&}L_1$ rule. The completeness theorem in the forward direction is thus a fairly complex result.


We have to slightly generalize the context composition operators into a language of context expressions. In the simplest case, we merely have to add a given proposition to the linear context, irrespective of the weak flag. This happens, for instance, in the "lfoc" rule where the focused proposition is transferred to the linear context. We write this adjunction as usual using a comma. In the more general case, however, we have to combine two context expressions additively or multiplicatively depending on the kind of rule they were involved in; for these uses, we appropriate the same syntax we used for the single step compositions in the previous section.
\[
\text{(context expressions)} \qquad D ::= [\Delta]_w \ \mid\ D, A \ \mid\ D_1 + D_2 \ \mid\ D_1 \times D_2
\]
Context expressions can be simplified into forward contexts in a bottom-up procedure. We write $D \mapsto [\Delta]_w$ to denote that $D$ simplifies into $[\Delta]_w$; it has the following rules.
\[
\infer{[\Delta]_w \mapsto [\Delta]_w}{}
\qquad
\infer{D, A \mapsto [\Delta, A]_w}{D \mapsto [\Delta]_w}
\]
\[
\infer{D_1 + D_2 \mapsto [\Delta_1]_{w_1} + [\Delta_2]_{w_2}}{D_1 \mapsto [\Delta_1]_{w_1} & D_2 \mapsto [\Delta_2]_{w_2}}
\qquad
\infer{D_1 \times D_2 \mapsto [\Delta_1]_{w_1} \times [\Delta_2]_{w_2}}{D_1 \mapsto [\Delta_1]_{w_1} & D_2 \mapsto [\Delta_2]_{w_2}}
\]

We proceed to constructing the forward versions of the relations in the earlier section, $\mathrm{foc}_r$, $\mathrm{foc}_l$ and $\mathrm{act}$. These relations take a sequence of forward sequents as input, corresponding to the premisses of the derived rule, and construct the conclusion as their output. As with the backward derived rule calculus, we use a different sequent arrow, $\longrightarrow$, to distinguish the forward derived rules. As usual, this is a calculus of neutral sequents, i.e., all propositions in $\Delta$ (resp. $\gamma$) in $\Gamma\,;[\Delta]_w \longrightarrow \gamma$ are left- (resp. right-) synchronous.

The derived rule for positive subformulas is:
\[
\infer[\mathrm{foc}_r]{\Gamma\,;D \longrightarrow Q}{s_1 & s_2 & \cdots & s_n & (\mathrm{foc}_r(Q)[s_1 \cdot s_2 \cdots s_n] \hookrightarrow \Gamma\,;D \longrightarrow \cdot)}
\]
Similarly, for negative propositions, we have two rules:
\[
\infer[\mathrm{foc}_l]{\Gamma\,;D,P \longrightarrow Q}{s_1 & s_2 & \cdots & s_n & (\mathrm{foc}_l(P)[s_1 \cdot s_2 \cdots s_n] \hookrightarrow \Gamma\,;D \longrightarrow Q)}
\]
\[
\infer[!\mathrm{foc}_l]{\Gamma,A\,;D \longrightarrow Q}{s_1 & s_2 & \cdots & s_n & (\mathrm{foc}_l(A)[s_1 \cdot s_2 \cdots s_n] \hookrightarrow \Gamma\,;D \longrightarrow Q)}
\]
These sequents with unsimplified contexts are simplified in one step using the following rule:
\[
\infer[\text{simplify}]{\Gamma\,;[\Delta]_w \longrightarrow \gamma}{\Gamma\,;D \longrightarrow \gamma & D \mapsto [\Delta]_w}
\]


These relations are defined in fig. 6.4 and 6.5. For the "match" rule, the notation $\gamma \backslash \varepsilon$ is defined as $\gamma$ if $\varepsilon = \cdot$, and as $\cdot$ if $\gamma = \varepsilon = Q$.

As a simple example, consider the negative subformula $P = p \mathbin{\&} q \multimap r \mathbin{\&} (s \otimes t)$, for which we attempt to match the three sequents $s_1 = \Gamma_1\,;[\Delta_1]_1 \longrightarrow p$, $s_2 = \Gamma_2\,;[\Delta_2]_0 \longrightarrow q$ and $s_3 = \Gamma_3\,;[\Delta_3, s]_1 \longrightarrow \gamma$, with $t \in \Delta_3$ and $\Delta_1 \subseteq \Delta_2$. Consider the derivation in figure 6.6. The application of the full derived rule for $P$ matched against the sequents $s_1$, $s_2$ and $s_3$ is, precisely,
\[
\infer{\Gamma_3,\Gamma_1,\Gamma_2\,;\big([\Delta_3]_1 \times ([\Delta_1]_1 + [\Delta_2]_0)\big), P \longrightarrow \gamma}{\Gamma_1\,;[\Delta_1]_1 \longrightarrow p & \Gamma_2\,;[\Delta_2]_0 \longrightarrow q & \Gamma_3\,;[\Delta_3, s]_1 \longrightarrow \gamma}
\]


To show soundness, we simply follow the structure of the definitions of $\mathrm{act}$, $\mathrm{foc}_r$ and $\mathrm{foc}_l$. The structure of the proof is similar to those of theorems 3.9 and 5.9. As usual, for the induction to hold we need to generalize the induction hypothesis to state that every weakened form of a weak sequent is sound.

Definition 6.17.

1. The sequent $\Gamma\,;[\Delta]_0 \longrightarrow C$ is sound if $\Gamma\,;\Delta\,;\cdot \Rightarrow \cdot\,;C$.

2. The sequent $\Gamma\,;[\Delta]_1 \longrightarrow \gamma$ is sound if $\Gamma\,;\Delta'\,;\cdot \Rightarrow \cdot\,;C$ for every $\Delta' \supseteq \Delta$ and $C \supseteq \gamma$.

Figure 6.4: forward derived rules: focal phase

Right-focal ($\mathrm{foc}_r$):
\[
\infer[\text{rinit } (p \text{ left-biased})]{\mathrm{foc}_r(p)[\cdot] \hookrightarrow \cdot\,;[p]_0 \longrightarrow \cdot}{}
\qquad
\infer[1F]{\mathrm{foc}_r(1)[\cdot] \hookrightarrow \cdot\,;[\cdot]_0 \longrightarrow \cdot}{}
\]
\[
\infer[\otimes F]{\mathrm{foc}_r(A \otimes B)[\Sigma_1 \cdot \Sigma_2] \hookrightarrow \Gamma_1,\Gamma_2\,;D_1 \times D_2 \longrightarrow \cdot}{\mathrm{foc}_r(A)[\Sigma_1] \hookrightarrow \Gamma_1\,;D_1 \longrightarrow \cdot & \mathrm{foc}_r(B)[\Sigma_2] \hookrightarrow \Gamma_2\,;D_2 \longrightarrow \cdot}
\]
\[
\infer[\oplus F_i]{\mathrm{foc}_r(A_1 \oplus A_2)[\Sigma] \hookrightarrow s}{\mathrm{foc}_r(A_i)[\Sigma] \hookrightarrow s}
\qquad
\infer[!F]{\mathrm{foc}_r(!A)[\Sigma] \hookrightarrow \Gamma\,;[\cdot]_0 \longrightarrow \cdot}{\mathrm{act}(\cdot\,;\cdot\,;\cdot \Rightarrow A)[\Sigma] \hookrightarrow \Gamma\,;[\cdot]_w \longrightarrow \cdot}
\]
\[
\infer[\exists F]{\mathrm{foc}_r(\exists x.A)[\Sigma] \hookrightarrow s}{\mathrm{foc}_r([t/x]A)[\Sigma] \hookrightarrow s}
\qquad
\infer[FA\ (R \text{ right-asynchronous})]{\mathrm{foc}_r(R)[\Sigma] \hookrightarrow s}{\mathrm{act}(\cdot\,;\cdot\,;\cdot \Rightarrow R)[\Sigma] \hookrightarrow s}
\]

Left-focal ($\mathrm{foc}_l$):
\[
\infer[\text{linit } (p \text{ right-biased})]{\mathrm{foc}_l(p)[\cdot] \hookrightarrow \cdot\,;[\cdot]_0 \longrightarrow p}{}
\qquad
\infer[\mathbin{\&}F_i]{\mathrm{foc}_l(A_1 \mathbin{\&} A_2)[\Sigma] \hookrightarrow s}{\mathrm{foc}_l(A_i)[\Sigma] \hookrightarrow s}
\]
\[
\infer[\multimap F]{\mathrm{foc}_l(A \multimap B)[\Sigma_1 \cdot \Sigma_2] \hookrightarrow \Gamma_1,\Gamma_2\,;D_1 \times D_2 \longrightarrow \gamma}{\mathrm{foc}_l(B)[\Sigma_1] \hookrightarrow \Gamma_1\,;D_1 \longrightarrow \gamma & \mathrm{foc}_r(A)[\Sigma_2] \hookrightarrow \Gamma_2\,;D_2 \longrightarrow \cdot}
\]
\[
\infer[\forall F]{\mathrm{foc}_l(\forall x.A)[\Sigma] \hookrightarrow s}{\mathrm{foc}_l([t/x]A)[\Sigma] \hookrightarrow s}
\qquad
\infer[FA\ (L \text{ left-asynchronous})]{\mathrm{foc}_l(L)[\Sigma] \hookrightarrow s}{\mathrm{act}(\cdot\,;\cdot\,;L \Rightarrow \cdot)[\Sigma] \hookrightarrow s}
\]
Lemma 6.18. If $\Sigma$ are sound, then

1. If $\mathrm{foc}_r(A)[\Sigma] \hookrightarrow \Gamma\,;[\Delta]_w \longrightarrow \cdot$, then $\Gamma\,;[\Delta]_w \longrightarrow A$ is sound.

2. If $\mathrm{foc}_l(A)[\Sigma] \hookrightarrow \Gamma\,;[\Delta]_w \longrightarrow \gamma$, then $\Gamma\,;[\Delta, A]_w \longrightarrow \gamma$ is sound.

3. If $\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \gamma)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_w \longrightarrow \gamma'$, then
   (a) if $w = 0$, then $\gamma' = C$ and $\Gamma,\Gamma'\,;\Delta,\Delta'\,;\Omega \Rightarrow C\,;\cdot$;
   (b) if $w = 1$, then $\Gamma,\Gamma'\,;\Delta''\,;\Omega \Rightarrow C\,;\cdot$ for any $\Delta'' \supseteq \Delta,\Delta'$ and $C \supseteq \gamma'$.

Proof sketch. Structural induction on the definitions of $\mathrm{foc}_r$, $\mathrm{foc}_l$ and $\mathrm{act}$. The proof in the forward direction is essentially identical to that of theorem 6.14. $\square$

Corollary 6.19 (soundness). If $\Gamma\,;[\Delta]_w \longrightarrow \gamma$ is derivable, then it is sound.

Proof sketch. The last rule used to derive $\Gamma\,;[\Delta]_w \longrightarrow \gamma$ is one of $\mathrm{foc}_r$, $\mathrm{foc}_l$ or $!\mathrm{foc}_l$. Each case is a direct application of lemma 6.18. $\square$

Figure 6.5: forward derived rules: active phase ($\varepsilon$ is of the form $\cdot$ or $Q$)
\[
\infer[\mathbin{\&}A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow A \mathbin{\&} B)[\Sigma_1 \cdot \Sigma_2] \hookrightarrow \Gamma_1,\Gamma_2\,;D_1 + D_2 \longrightarrow \cdot}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow A)[\Sigma_1] \hookrightarrow \Gamma_1\,;D_1 \longrightarrow \cdot & \mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow B)[\Sigma_2] \hookrightarrow \Gamma_2\,;D_2 \longrightarrow \cdot}
\qquad
\infer[\top A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \top)[\cdot] \hookrightarrow \cdot\,;[\cdot]_1 \longrightarrow \cdot}{}
\]
\[
\infer[\oplus A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A \oplus B \cdot \Omega' \Rightarrow \varepsilon)[\Sigma_1 \cdot \Sigma_2] \hookrightarrow \Gamma_1 \cup \Gamma_2\,;D_1 + D_2 \longrightarrow \gamma_1 \cup \gamma_2}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A \cdot \Omega' \Rightarrow \varepsilon)[\Sigma_1] \hookrightarrow \Gamma_1\,;D_1 \longrightarrow \gamma_1 & \mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot B \cdot \Omega' \Rightarrow \varepsilon)[\Sigma_2] \hookrightarrow \Gamma_2\,;D_2 \longrightarrow \gamma_2}
\qquad
\infer[0A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot 0 \cdot \Omega' \Rightarrow \varepsilon)[\cdot] \hookrightarrow \cdot\,;[\cdot]_1 \longrightarrow \cdot}{}
\]
\[
\infer[\multimap A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow A \multimap B)[\Sigma] \hookrightarrow s}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A \Rightarrow B)[\Sigma] \hookrightarrow s}
\qquad
\infer[\multimap A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow A \multimap B)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_1 \longrightarrow \cdot}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow B)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_1 \longrightarrow \cdot}
\]
\[
\infer[\otimes A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A \otimes B \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A \cdot B \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}
\qquad
\infer[\oplus A_i]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A_1 \oplus A_2 \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_1 \longrightarrow \gamma}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot A_i \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_1 \longrightarrow \gamma}
\]
\[
\infer[1A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot 1 \Rightarrow \varepsilon)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_w \longrightarrow \varepsilon'}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \varepsilon)[\Sigma] \hookrightarrow \Gamma'\,;[\Delta']_w \longrightarrow \varepsilon'}
\qquad
\infer[!A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot\, !A \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}{\mathrm{act}(\Gamma,A\,;\Delta\,;\Omega \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}
\]
\[
\infer[\forall A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \forall x.A)[\Sigma] \hookrightarrow s}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow [a/x]A)[\Sigma] \hookrightarrow s}
\qquad
\infer[\exists A]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot \exists x.A \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot [a/x]A \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}
\]
\[
\infer[\text{lact}]{\mathrm{act}(\Gamma\,;\Delta\,;\Omega \cdot P \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}{\mathrm{act}(\Gamma\,;\Delta,P\,;\Omega \cdot \Omega' \Rightarrow \varepsilon)[\Sigma] \hookrightarrow s}
\qquad
\infer[\text{match}]{\mathrm{act}(\Gamma\,;\Delta\,;\cdot \Rightarrow \varepsilon)[\Gamma,\Gamma'\,;[\Delta,\Delta']_w \longrightarrow \gamma] \hookrightarrow \Gamma'\,;[\Delta']_w \longrightarrow \gamma \backslash \varepsilon}{}
\]

Figure 6.6: An example forward derived rule


Next we show that the forward derived rule calculus is complete with respect to the backward derived rule calculus of sec. 6.2.1.

Definition 6.20. For any context $\Gamma$, the context $|\Gamma|$ stands for the maximally contracted form of $\Gamma$.

Definition 6.21 (Stronger forms).

1. A forward derived sequent $\Gamma\,;[\Delta]_w \longrightarrow \gamma$ is said to be stronger than a backward derived sequent $\Gamma'\,;\Delta' \Rrightarrow \gamma'$, written as the relation $\prec$, if $|\Gamma| \subseteq \Gamma'$ and
   (a) if $w = 0$ then $\Delta = \Delta'$ and $\gamma = \gamma'$; and
   (b) if $w = 1$ then $\Delta \subseteq \Delta'$ and $\gamma \subseteq \gamma'$.

2. A forward unsimplified sequent $\Gamma\,;D \longrightarrow \gamma$ is said to be stronger than a backward derived sequent $\Gamma'\,;\Delta' \Rrightarrow \gamma'$ if for every $[\Delta]_w$ such that $D \mapsto [\Delta]_w$, the sequent $\Gamma\,;[\Delta]_w \longrightarrow \gamma$ is stronger than $\Gamma'\,;\Delta' \Rrightarrow \gamma'$.

Lemma 6.22.

1. If $\mathrm{foc}_r(A)[s] \hookrightarrow \Sigma$ and there exists a derivable sequence of sequents $\Sigma' \prec \Sigma$ for which $\mathrm{foc}_r(A)[\Sigma'] \hookrightarrow s'$, then $s' \prec s$.

2. If $\mathrm{foc}_l(A)[s] \hookrightarrow \Sigma$ and there exists a derivable sequence $\Sigma' \prec \Sigma$ for which $\mathrm{foc}_l(A)[\Sigma'] \hookrightarrow s'$, then $s' \prec s$.

3. If $\mathrm{act}(\Gamma\,;\Delta\,;\Omega \Rightarrow \varepsilon)[s] \hookrightarrow \Sigma$ and there exists a derivable sequence $\Sigma' \prec \Sigma$, and $\Gamma' \subseteq \Gamma$, $\Delta' \subseteq \Delta$, $\Omega' \subseteq \Omega$ and $\varepsilon' \subseteq \varepsilon$, for which $\mathrm{act}(\Gamma'\,;\Delta'\,;\Omega' \Rightarrow \varepsilon')[\Sigma'] \hookrightarrow s'$, then $s' \prec s$.

Proof sketch. By induction on the structure of the $\mathrm{foc}_r$, $\mathrm{foc}_l$ and $\mathrm{act}$ derivations. The following is a representative case, for $\otimes F$.
\[
\infer[\otimes F]{\mathrm{foc}_r(A \otimes B)[\Gamma\,;\Delta_1,\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 \cdot \Sigma_2}{\mathrm{foc}_r(A)[\Gamma\,;\Delta_1 \Rrightarrow \cdot] \hookrightarrow \Sigma_1 & \mathrm{foc}_r(B)[\Gamma\,;\Delta_2 \Rrightarrow \cdot] \hookrightarrow \Sigma_2}
\]
Suppose there is a derivable $(\Sigma'_1 \cdot \Sigma'_2) \prec (\Sigma_1 \cdot \Sigma_2)$ such that
\[
\mathrm{foc}_r(A \otimes B)[\Sigma'_1 \cdot \Sigma'_2] \hookrightarrow \Gamma_1,\Gamma_2\,;D_1 \times D_2 \longrightarrow \cdot
\]
where $\mathrm{foc}_r(A)[\Sigma'_1] \hookrightarrow \Gamma_1\,;D_1 \longrightarrow \cdot$ and $\mathrm{foc}_r(B)[\Sigma'_2] \hookrightarrow \Gamma_2\,;D_2 \longrightarrow \cdot$. By the induction hypotheses $|\Gamma_1| \subseteq \Gamma$ and $|\Gamma_2| \subseteq \Gamma$. Therefore $|\Gamma_1,\Gamma_2| \subseteq \Gamma$. Next, let $[\Delta'_1]_{w_1}$ and $[\Delta'_2]_{w_2}$ be given such that $D_1 \mapsto [\Delta'_1]_{w_1}$ and $D_2 \mapsto [\Delta'_2]_{w_2}$. If $w_1 = w_2 = 0$, then $\Delta'_1 = \Delta_1$ and $\Delta'_2 = \Delta_2$, so $[\Delta'_1]_{w_1} \times [\Delta'_2]_{w_2} = [\Delta_1,\Delta_2]_0$. If $w_2 = 1$, then $\Delta'_2 \subseteq \Delta_2$, so the linear context of $[\Delta'_1]_{w_1} \times [\Delta'_2]_{w_2}$ is a weak context contained in $\Delta_1,\Delta_2$. The case of $w_1 = 1$ is similar. $\square$

Corollary 6.23 (completeness). If $\Gamma\,;\Delta \Rrightarrow Q$, then for some derivable $\Gamma'\,;[\Delta']_w \longrightarrow \gamma$,
\[
(\Gamma'\,;[\Delta']_w \longrightarrow \gamma) \prec (\Gamma\,;\Delta \Rrightarrow Q).
\]

Proof sketch. By induction on the derivation of $\Gamma\,;\Delta \Rrightarrow Q$. There are three cases, one each for $\mathrm{foc}_r$, $!\mathrm{foc}_l$ and $\mathrm{foc}_l$ used to derive $\Gamma\,;\Delta \Rrightarrow Q$. In each case, we use lem. 6.22, cases 1 or 2 as appropriate, to drive the induction. $\square$


6.3  The  focused  inverse  method 


What remains is to implement a search strategy that uses the forward calculus. The primary issue in the forward direction is to enumerate the propositions for which we need to derive inference rules. As the calculus of derived rules has only neutral sequents as premisses and conclusions, we need only generate rules for propositions that occur in neutral sequents; we call them frontier propositions. To find the frontier propositions in a goal sequent, we abstractly replay the focusing and active phases to identify the phase transitions. Each transition from an active to a focal phase produces a frontier proposition. Formally, we define two generating functions, $f$ (focal) and $a$ (active), from signed propositions to multisets of frontier propositions. None of the logical constants are in the frontier, as we never need to construct explicit rules for them: the conclusions of rules such as $\top R$ and $1R$ are easy to predict. Similarly, we do not count a focused atom that is closed off by an init rule, which has no premisses: a right-focused (positive) left-biased atom is closed by rinit and a left-focused (negative) right-biased atom by linit (compare figure 6.2). The result of this computation is a decorated subformula (see defn. 4.4).


$$
\begin{aligned}
f(p)^+ &= a(p)^\pm = \{p^\pm\}, \qquad f(p)^- = \emptyset && \text{if } p \text{ is right-biased}\\
f(p)^- &= a(p)^\pm = \{p^\pm\}, \qquad f(p)^+ = \emptyset && \text{if } p \text{ is left-biased}\\[6pt]
f(A \oplus B)^+ &= f(A)^+, f(B)^+ & a(A \oplus B)^+ &= f(A \oplus B)^+, (A \oplus B)^+\\
f(A \oplus B)^- &= a(A \oplus B)^- & a(A \oplus B)^- &= a(A)^-, a(B)^-\\
f(A \mathbin{\&} B)^- &= f(A)^-, f(B)^- & a(A \mathbin{\&} B)^- &= f(A \mathbin{\&} B)^-, (A \mathbin{\&} B)^-\\
f(A \mathbin{\&} B)^+ &= a(A \mathbin{\&} B)^+ & a(A \mathbin{\&} B)^+ &= a(A)^+, a(B)^+\\
f(A \multimap B)^- &= f(A)^+, f(B)^- & a(A \multimap B)^- &= f(A \multimap B)^-, (A \multimap B)^-\\
f(A \multimap B)^+ &= a(A \multimap B)^+ & a(A \multimap B)^+ &= a(A)^-, a(B)^+\\
f(\mathord{!}A)^- &= a(\mathord{!}A)^- & a(\mathord{!}A)^- &= f(A)^-, (A)^-\\
f(\mathord{!}A)^+ &= a(A)^+ & a(\mathord{!}A)^+ &= f(\mathord{!}A)^+, (\mathord{!}A)^+\\
f(c)^\pm &= a(c)^\pm = \emptyset && \text{for each constant } c \in \{1, 0, \top\}
\end{aligned}
$$

($\otimes$ is treated exactly like $\oplus$.) For example, $f(p \mathbin{\&} q \multimap r \mathbin{\&} (\mathord{!}s \oplus t))^- = p^+, q^+, s^-, t^-$.


Definition 6.24 (frontier). Given a goal $\Gamma ; \Delta \Longrightarrow Q$, its frontier contains:

i. all (top-level) propositions in $\Gamma$, $\Delta$, $Q$;

ii. for any $A \in \Gamma, \Delta$, the collection $f(A)^-$; and

iii. the collection $f(Q)^+$.
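As an added example (not the thesis's own code), the two generating functions and Definition 6.24 carried out in Python over a small proposition AST. The tuple encoding of propositions is the example's own, and the pairing of atom bias with the init rule (a right-biased atom in left focus and a left-biased atom in right focus generate nothing) follows the reconstruction above and is an assumption of the example.

```python
from collections import Counter

# Propositions are tuples (this encoding is the example's own, not the thesis's):
#   ("atom", name, bias)             bias is "right" or "left"
#   ("const", c)                     c in {"1", "0", "top"}
#   (op, A, B) with op in "*", "&", "+", "-o"   for A ⊗ B, A & B, A ⊕ B, A ⊸ B
#   ("!", A)
# A signed frontier proposition is a pair (A, sign) with sign "+" (right) or
# "-" (left); a frontier is a multiset of them, kept as a Counter.

def _m(*parts):
    """Multiset union of Counters and single signed propositions."""
    out = Counter()
    for p in parts:
        if isinstance(p, Counter):
            out.update(p)
        else:
            out[p] += 1
    return out

def f(A, s):
    """f(A)^s: the frontier reached by focusing on A with sign s."""
    k = A[0]
    if k == "atom":
        # Assumed pairing: a right-biased atom in left focus and a left-biased
        # atom in right focus are closed by init, so they contribute nothing.
        if (A[2] == "right" and s == "-") or (A[2] == "left" and s == "+"):
            return Counter()
        return a(A, s)
    if k == "const":
        return Counter()                      # constants never need a rule
    if k in ("*", "+"):                       # synchronous on the right
        return _m(f(A[1], "+"), f(A[2], "+")) if s == "+" else a(A, "-")
    if k == "&":                              # synchronous on the left
        return _m(f(A[1], "-"), f(A[2], "-")) if s == "-" else a(A, "+")
    if k == "-o":
        return _m(f(A[1], "+"), f(A[2], "-")) if s == "-" else a(A, "+")
    if k == "!":
        return a(A[1], "+") if s == "+" else a(A, "-")
    raise ValueError(A)

def a(A, s):
    """a(A)^s: the frontier reached from A in an active phase with sign s."""
    k = A[0]
    if k == "atom":
        return _m((A, s))                     # the atom ends up in a neutral sequent
    if k == "const":
        return Counter()
    if k in ("*", "+"):
        return _m(a(A[1], "-"), a(A[2], "-")) if s == "-" else _m(f(A, "+"), (A, "+"))
    if k == "&":
        return _m(a(A[1], "+"), a(A[2], "+")) if s == "+" else _m(f(A, "-"), (A, "-"))
    if k == "-o":
        return _m(a(A[1], "-"), a(A[2], "+")) if s == "+" else _m(f(A, "-"), (A, "-"))
    if k == "!":
        return _m(f(A[1], "-"), (A[1], "-")) if s == "-" else _m(f(A, "+"), (A, "+"))
    raise ValueError(A)

def frontier(gamma, delta, goal):
    """Definition 6.24: the frontier of the goal sequent Γ; Δ ⟹ Q."""
    out = Counter()
    for A in gamma + delta:
        out[(A, "-")] += 1                    # (i)  top-level hypotheses
        out.update(f(A, "-"))                 # (ii)
    out[(goal, "+")] += 1                     # (i)  the goal itself
    out.update(f(goal, "+"))                  # (iii)
    return out

def show(fr):
    """Render a frontier as a sorted list of strings such as 'p+' or '(!s ⊕ t)-'."""
    def pp(A):
        k = A[0]
        if k == "atom":
            return A[1]
        if k == "const":
            return {"1": "1", "0": "0", "top": "⊤"}[A[1]]
        if k == "!":
            return "!" + pp(A[1])
        op = {"*": "⊗", "&": "&", "+": "⊕", "-o": "⊸"}[k]
        return f"({pp(A[1])} {op} {pp(A[2])})"
    return sorted(pp(A) + s for (A, s), n in fr.items() for _ in range(n))

def atom(name, bias="right"):
    return ("atom", name, bias)

# The text's example, f(p & q ⊸ r & (!s ⊕ t))^- = p^+, q^+, s^-, t^-, with every
# atom right-biased (an assumption; the text leaves the bias of the atoms open).
EXAMPLE = ("-o", ("&", atom("p"), atom("q")),
                 ("&", atom("r"), ("+", ("!", atom("s")), atom("t"))))

if __name__ == "__main__":
    print(show(f(EXAMPLE, "-")))                       # ['p+', 'q+', 's-', 't-']
    print(show(frontier([], [EXAMPLE], atom("r"))))
```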


Lemma  6.25  (neutral  subformula  property).  In  any  backward  focused  proof  all  neutral  sequents 
consist  only  of  frontier  propositions  of  the  goal  sequent. 


Proof  sketch.  By  structural  induction  on  the  given  derivation.  We  omit  the  easy  details.  □ 


In the preparatory phase for the inverse method, we calculate the frontier propositions of the goal sequent. There is no need to generate initial sequents separately, as the executions of negative atoms in the frontier directly give us the necessary initial sequents.

During the search procedure, each rule is applied to sequents selected from the current database, and if the rule applies successfully then we get a new sequent, which is then considered for insertion in the database. It is possible (and common) that a generated sequent is actually subsumed by some sequent already in the database (forward subsumption). It is also possible (though less common) for a new sequent to be stronger than some sequents already in the database. In this case, the old weaker sequents are no longer considered for new derivations (backward subsumption).
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6.3.1  Implementation  details 


In this section we shall describe briefly the main details concerning the implementation of the inverse method of section 5.6. The first of these concerns the implementation of inference rules. Given a proposition in the frontier, say $A^+$, the focusing phase of the derived rule for it is completely predictable once we know which disjunctive choices were taken. Once at the active phase, however, the precise match that will be generated will depend on whether the corresponding input sequent is weak or not. The implementation therefore proceeds as follows. For every derived rule, we fix the precise choices that will be taken. Then, each rule in the $\mathrm{foc}_\uparrow$ or $\mathrm{foc}_\downarrow$ relation is interpreted as a reusable continuation (sometimes called a handler). These continuations expect as arguments the current intermediate state of the focusing phase, and produce as result the output of the rule (if there are no more premisses), or another handler if there are still other branches of the proof tree to explore.

For a binary rule, the handler for the left operand is sequenced with that of the right in the obvious fashion; thus, these handlers force a specific order in which the premisses of the derived rule must be met. Therefore, it is important for the rule application engine to be complete no matter in which order the premisses have to be satisfied. The percolation algorithm outlined in sec. 5.6 (defn. 5.30) guarantees this completeness.


The second implementation detail has to do with the $!\mathrm{foc}_\downarrow$ rule. If the focused proposition $A^-$ actually occurs in the unrestricted context in the final goal sequent $\Gamma_0 ; [\Delta_0]_0 \Longrightarrow \gamma_0$, then it doesn't actually need to be inserted into the unrestricted context in the conclusion. The reason for this is that in the backwards calculus the context $\Gamma_0$ will be shared in every branch of the proof, so one thinks of it as part of the ambient state of the prover instead of representing it explicitly as part of the current goal. Hence, in the forward direction there is never any need to explicitly record $\Gamma_0$ or portions of it in any generated sequent. Thus we obtain two versions of the $!\mathrm{foc}_\downarrow$ rule:


$$
\frac{s_1 \quad s_2 \quad \cdots \quad s_n \qquad (\mathrm{foc}_\downarrow(A)[s_1 \cdot s_2 \cdots s_n] \mapsto \Gamma ; D \Longrightarrow Q) \qquad A \notin \Gamma_0}{\Gamma, A ; D \Longrightarrow Q}\ \ !\mathrm{foc}_\downarrow
$$

and

$$
\frac{s_1 \quad s_2 \quad \cdots \quad s_n \qquad (\mathrm{foc}_\downarrow(A)[s_1 \cdot s_2 \cdots s_n] \mapsto \Gamma ; D \Longrightarrow Q) \qquad A \in \Gamma_0}{\Gamma ; D \Longrightarrow Q}\ \ !\mathrm{foc}_\downarrow\text{-delete}
$$


This optimisation sometimes goes by the name of globalisation. In the implementation syntax (described in more detail in chapter 7), all declared propositions are counted as belonging to this global state and globalised. If the final goal proposition is itself asynchronous, then the $\mathrm{act}^+$ phase is played out for this proposition to obtain a collection of goal sequents, and any additional propositions entered into the unrestricted context of these goal sequents are also treated as global.


6.4  Embedding  non-linear  logics 


6.4.1  Intuitionistic  logic 

There have been many proposed embeddings of ordinary (non-linear) logics into linear logic using the exponential operator [42, 27] that translate sub-formulas uniformly. These translations do not preserve the focusing properties of the source logic because the use of the exponential $!$ operator causes loss of focus, as mentioned in sec. 6.1. For example, $a \vee b \vee c$ never blurs focus at $b \vee c$, but if we use the Girard embedding (defn. 2.5), then the translation $\mathord{!}a \oplus \mathord{!}(\mathord{!}b \oplus \mathord{!}c)$ causes a loss of focus at $\mathord{!}b \oplus \mathord{!}c$. It is possible though to give a focusing-aware translation that is faithful to the focusing system of the source logic. As an example, consider the basic intuitionistic propositional logic with connectives $\{\wedge, \mathbf{t}, \vee, \mathbf{f}, \supset\}$. The focusing system for this logic treats $\wedge$ as both synchronous and asynchronous on both sides. The rules are as follows:


[Rule display not recoverable from the extraction. The calculus has three judgement forms: the right-focus judgement $\Gamma \gg_I A$, the left-focus judgement $\Gamma ; A \ll_I Q$, and the active judgement $\Gamma ; \Omega \Longrightarrow_I \gamma$ with $\Omega$ an ordered active zone; the rule named act moves a proposition from $\Omega$ into $\Gamma$.]


Here, $\gamma$ is of the form $\cdot ; Q$ or $C ; \cdot$. Note that in this formulation atomic propositions are always right-biased to keep things simple. Extending this propositional translation to the first-order setting is also easy.

We intend to translate signed intuitionistic formulas to signed linear formulas in a way that preserves the focusing structure of proofs. The translation is modal with two phases: $A$ (active) and $F$ (focal). A positive focal (and negative active) $\wedge$ is translated as $\otimes$, and the duals as $\&$. For every use of the act rule, the corresponding translation phase affixes an exponential; the phase-transitions in the image of the translation exactly mirror those in the source.


$$
F(p)^+ = p \qquad A(p)^- = p
$$

$\multimap$ as $\supset$, and $\oplus$ as $\vee$. The faithfulness of the translations can be established as a pair of soundness and completeness theorems, provable by simple structural induction.
soundness  and  completeness  theorems,  provable  by  simple  structural  induction. 

Theorem 6.26. Soundness:

1. If $\Gamma ; \cdot \gg A$ then $\Gamma^\circ \gg_I A^\circ$.

2. If $\Gamma ; \cdot ; A \ll Q$ then $\Gamma^\circ ; A^\circ \ll_I Q^\circ$.

3. If $\Gamma ; \cdot ; \Omega \Longrightarrow \gamma$ then $\Gamma^\circ ; \Omega^\circ \Longrightarrow_I \gamma^\circ$ (where $\gamma$ is of the form $C ; \cdot$ or $\cdot ; Q$).

Completeness:

1. If $\Gamma \gg_I A$ then $F(\Gamma)^- ; \cdot \gg F(A)^+$.

2. If $\Gamma ; A \ll_I Q$ then $F(\Gamma)^- ; \cdot ; F(A)^- \ll F(Q)^+$.

3. If $\Gamma ; \Omega \Longrightarrow_I \cdot ; Q$ then $F(\Gamma)^- ; \cdot ; A(\Omega)^- \Longrightarrow \cdot ; F(Q)^+$.

4. If $\Gamma ; \Omega \Longrightarrow_I K ; \cdot$ then $F(\Gamma)^- ; \cdot ; A(\Omega)^- \Longrightarrow A(K)^+ ; \cdot$.

Proof sketch. Soundness is immediate because the linear sequent calculus is simply a refinement of the intuitionistic calculus. Completeness is established by straightforward structural induction on the given intuitionistic derivations. We omit the rather easy details. □

An important feature of this translation is that only negative atoms and implications are $!$-affixed; this mirrors a similar observation by Dyckhoff that ordinary intuitionistic logic has a contraction-free sequent calculus that only needs to duplicate negative atoms and implications [37]. Dyckhoff's calculus however has no notion of focusing, so this isn't a precise correspondence; incorporating focusing into this calculus is currently an open question.


6.4.2  The  Horn  fragment 


In complex specifications that employ linearity, there are often significant sub-specifications that lie in the Horn fragment. Unfortunately, the basic inverse method is quite inefficient on Horn formulas, as already noted by Tammet [110]. His prover switches between hyperresolution for Horn and near-Horn formulas and the inverse method for other propositions.

With focusing, this ad hoc strategy selection becomes entirely unnecessary. The focused inverse method for intuitionistic linear logic, when applied to a classical, non-linear Horn formula, will behave exactly as classical hyperresolution or SLD resolution depending on the focusing bias of the atomic propositions. This remarkable property gives further credence to the power of focusing as a technique for forward reasoning. In the next two sections we will describe this correspondence in slightly more detail.

A Horn clause has the form $\neg p_1, \ldots, \neg p_n, p$ where the $p_i$ and $p$ are atomic predicates over their free variables. This can easily be generalized to include conjunction and truth, but we restrict our attention to this simple clausal form, as theories with conjunction and truth can be simplified into this form. A Horn theory $\Psi$ is just a set of Horn clauses, and a Horn query is of the form $\Psi \vdash g$ where $g$ is a ground atomic "goal" formula.⁴ In the following section we use a simple translation $(-)^\circ$ of these Horn clauses into linear logic where $\neg p_1, \ldots, \neg p_n, p$ containing the free variables $\vec x$ is translated into $\forall \vec x.\, p_1 \multimap \cdots \multimap p_n \multimap p$, and the query $\Psi \vdash g$ is translated as $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$. This is a special case of the general focus-preserving translation of sec. 6.4.1.

6.4.3  Hyperresolution 

The hyperresolution strategy for the Horn query $\Psi \vdash g$ is just forward reasoning with the following rule (for $n \ge 1$):

$$
\frac{p'_1 \quad \cdots \quad p'_n}{p\theta}
\qquad \text{where } \neg p_1, \ldots, \neg p_n, p \in \Psi;\ \rho_1, \ldots, \rho_n \text{ are renaming substitutions; and } \theta = \mathrm{mgu}(\langle p'_1\rho_1, \ldots, p'_n\rho_n \rangle, \langle p_1, \ldots, p_n \rangle)
$$

The  procedure  begins  with  the  collection  of  unit  clauses  in  M7  and  ->g  as  the  initial  set  of 
facts,  and  succeeds  if  the  empty  fact  (contradiction)  is  generated.  Because  every  clause  in 
the  theory  has  a  positive  literal,  the  only  way  an  empty  fact  can  be  generated  is  if  it  proves 
the  fact  g  itself  (note  that  g  is  ground).  Because  this  proof  starts  from  the  unit  clauses  and 
derives  newer  facts  by  interpreting  the  Horn  clauses  forwards,  it  is  a  "bottom-up"  variant 
of  the  usual  Prolog-style  logic  programming. 

Consider the goal sequent in the translation $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ where the atoms are all right-biased. The frontier is every clause $\forall \vec x.\, p_1 \multimap \cdots \multimap p_n \multimap p \in (\Psi)^\circ$. Focusing on one such clause gives the following abstract derivation in the forward direction, written using a more transparent notation instead of the $\mathrm{foc}_\uparrow$, $\mathrm{foc}_\downarrow$ and $\mathrm{act}$ relations.

⁴Queries with more general goals can be compiled to this form by adding an extra clause to the theory.

$$
\begin{array}{c}
\dfrac{\Gamma_1 ; [\Delta_1]_{w_1} \Longrightarrow p_1}{\Gamma_1 ; [\Delta_1]_{w_1} \gg p_1}
\quad \cdots \quad
\dfrac{\Gamma_n ; [\Delta_n]_{w_n} \Longrightarrow p_n}{\Gamma_n ; [\Delta_n]_{w_n} \gg p_n}
\qquad
\dfrac{}{\Gamma ; [\cdot]_0 ; p \ll p}\ \text{init}
\\ \hline
\Gamma_1, \ldots, \Gamma_n ; [\Delta_1]_{w_1}, \ldots, [\Delta_n]_{w_n} ; p_1 \multimap \cdots \multimap p_n \multimap p \ll p \qquad (\multimap)
\\ \hline
\Gamma_1, \ldots, \Gamma_n ; [\Delta_1]_{w_1}, \ldots, [\Delta_n]_{w_n} ; \forall \vec x.\, p_1 \multimap \cdots \multimap p_n \multimap p \ll p \qquad (\forall)
\\ \hline
\Gamma_1, \ldots, \Gamma_n ; [\Delta_1]_{w_1} \times \cdots \times [\Delta_n]_{w_n} \Longrightarrow p \qquad (\text{delete})
\end{array}
$$

In other words, the derived rule is

$$
\frac{\Gamma_1 ; [\Delta_1]_{w_1} \Longrightarrow p_1 \quad \cdots \quad \Gamma_n ; [\Delta_n]_{w_n} \Longrightarrow p_n}{\Gamma_1, \ldots, \Gamma_n ; [\Delta_1]_{w_1} \times \cdots \times [\Delta_n]_{w_n} \Longrightarrow p}
$$

In the case where $n = 0$, i.e., the clause in the Horn theory was a unit clause $p$, we obtain an initial sequent of the form $\cdot ; [\cdot]_0 \Longrightarrow p$. As this clause has an empty left hand side, and none of the derived rules add elements to the left, we can make an immediate observation (lem. 6.27) that gives us an isomorphism of rules (thm. 6.28).

Lemma 6.27. Every sequent generated in the proof of the goal $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ has an empty left hand side. □

Theorem 6.28 (Isomorphism of rules). For every clause $\neg p_1, \ldots, \neg p_n, p \in \Psi$ there is a derived rule

$$
\frac{\Gamma_1 ; [\Delta_1]_{w_1} \Longrightarrow p_1 \quad \cdots \quad \Gamma_n ; [\Delta_n]_{w_n} \Longrightarrow p_n \qquad \theta = \mathrm{mgu}(p_1, \ldots, p_n)}{(\Gamma_1, \ldots, \Gamma_n ; [\Delta_1]_{w_1} \times \cdots \times [\Delta_n]_{w_n} \Longrightarrow p)\theta}
$$

generated for the proof of the goal sequent $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ for a fresh goal literal $g$ and only right-biased atoms.

Proof sketch. Note that only the translations of the Horn clauses are on the frontier. The result follows by a straightforward induction over the structure of a Horn clause and the definition of the $\mathrm{foc}_\uparrow$, $\mathrm{foc}_\downarrow$ and $\mathrm{act}$ relations. We omit the details of this rather easy proof that has already been illustrated above. □

These  facts  let  us  establish  an  isomorphism  between  hyperresolution  and  right-biased 
focused  derivations. 




Theorem 6.29. Every hyperresolution derivation for the Horn query $\Psi \vdash g$ has an isomorphic focused derivation for the goal sequent $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ with right-biased atoms.

Sketch. For every fact $p'$ generated by the hyperresolution strategy, we have a corresponding fact $\cdot ; [\cdot]_0 \Longrightarrow p'$ in the focused derivation (up to a renaming of the free variables). When matching these sequents for consideration as input for a derived rule corresponding to the Horn clause $\neg p_1, \ldots, \neg p_n, p$, we calculate the simultaneous mgu of all the $p_i$ and $p'_i$ for a Horn clause, which is precisely the operation also performed in the hyperresolution rule. The required isomorphism then follows from thm. 6.28. □


6.4.4  SLD  Resolution 

SLD Resolution [61] is a variant of linear resolution that is complete for Horn theories and is the basic reasoning mechanism in Prolog-like logic programming languages. It is sometimes called "top-down" or "goal-directed" logic programming because it starts from the goal literal and reasons backwards to the unit clauses. The procedure is as follows: for the Horn query $\Psi \vdash g$, we start with just the initial clause $g$, and then perform forward search using the following rule (using $\Sigma$ to stand for clauses).

$$
\frac{\Sigma, q}{(\Sigma, p_1[\rho], p_2[\rho], \ldots, p_n[\rho])\theta}
\qquad \text{where } \neg p_1, \ldots, \neg p_n, p \in \Psi;\ \rho \text{ is a renaming substitution; and } \theta = \mathrm{mgu}(p[\rho], q)
$$

When  n  =  0,  i.e.,  for  unit  clauses  in  the  Horn  theory,  this  rule  corresponds  to  simply 
deleting  the  member  of  the  input  clause  that  was  unifiable  with  the  unit  clause  (and 
applying  the  resulting  substitution  to  the  rest  of  the  clauses).  The  search  procedure 
succeeds  when  it  is  able  to  derive  the  empty  clause. 
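The hyperresolution rule of sec. 6.4.3 and the SLD rule above, as an added example in Python that is not the thesis's prover: hyperresolution renames the premiss facts and unifies all of them with a clause body at once, while SLD resolution renames the clause and resolves one literal of the current clause away. The Prolog-style variable convention, the constructed parent/ancestor theory and the round and depth bounds are the example's own.

```python
from itertools import count, product

# Variables are capitalised strings (Prolog style), constants are lower-case
# strings, and a compound term or atom p(t1, ..., tn) is the tuple ("p", t1, ..., tn).
# A Horn clause ¬p1, ..., ¬pn, p is the pair (p, [p1, ..., pn]); a unit clause has body [].

_fresh = count()

def isvar(t):
    return isinstance(t, str) and t[:1].isupper()

def walk(t, s):
    while isvar(t) and t in s:
        t = s[t]
    return t

def unify(x, y, s):
    """Extend substitution s to an mgu of x and y, or return None."""
    x, y = walk(x, s), walk(y, s)
    if x == y:
        return s
    if isvar(x) or isvar(y):                  # no occurs check, as in most Prolog systems
        return {**s, x: y} if isvar(x) else {**s, y: x}
    if not (isinstance(x, tuple) and isinstance(y, tuple)) or len(x) != len(y) or x[0] != y[0]:
        return None
    for p, q in zip(x[1:], y[1:]):
        s = unify(p, q, s)
        if s is None:
            return None
    return s

def subst(t, s):
    t = walk(t, s)
    return (t[0], *(subst(u, s) for u in t[1:])) if isinstance(t, tuple) else t

def rename(head, body):
    """A renaming substitution ρ: the same clause over fresh variables."""
    k, rho = next(_fresh), {}
    def go(t):
        if isvar(t):
            return rho.setdefault(t, f"{t}_{k}")
        return (t[0], *map(go, t[1:])) if isinstance(t, tuple) else t
    return go(head), [go(b) for b in body]

def canon(t):
    """Key invariant under variable renaming, used to drop duplicate facts."""
    names = {}
    def go(u):
        if isvar(u):
            return names.setdefault(u, f"_{len(names)}")
        return "(" + " ".join(map(go, u)) + ")" if isinstance(u, tuple) else u
    return go(t)

def hyperresolution(theory, goal, max_rounds=20):
    """Bottom-up: saturate from the unit clauses; succeed once a fact matches g."""
    new = [rename(h, b)[0] for h, b in theory if not b]
    facts, seen = [], {canon(x) for x in new}
    for _ in range(max_rounds):
        if not new:
            return False                      # saturated without reaching g
        facts += new
        if any(unify(x, goal, {}) is not None for x in new):
            return True
        new = []
        for head, body in theory:
            # pick facts p'_1..p'_n, rename each (ρ_i), unify all of them with the
            # body literals at once (θ), and derive the new fact pθ
            for choice in (product(facts, repeat=len(body)) if body else ()):
                s = {}
                for fact, lit in zip(choice, body):
                    s = unify(rename(fact, [])[0], lit, s)
                    if s is None:
                        break
                if s is not None:
                    derived = subst(head, s)
                    if canon(derived) not in seen:
                        seen.add(canon(derived))
                        new.append(derived)
    return False

def sld(theory, goal, depth=50):
    """Top-down: start from the clause [g] and resolve its literals away."""
    def search(clause, d):
        if not clause:
            return True                       # the empty clause: success
        if d == 0:
            return False
        q, rest = clause[0], clause[1:]       # Σ, q with q the selected literal
        for head, body in theory:
            head_r, body_r = rename(head, body)          # ρ renames the Horn clause
            s = unify(head_r, q, {})                     # θ = mgu(p[ρ], q)
            if s is not None and search([subst(x, s) for x in body_r + rest], d - 1):
                return True
        return False
    return search([goal], depth)

# Constructed sample theory: parent facts and the transitive closure 'ancestor'.
X, Y, Z = "X", "Y", "Z"
THEORY = [(("parent", "tom", "bob"), []), (("parent", "bob", "ann"), []),
          (("parent", "ann", "joe"), []),
          (("ancestor", X, Y), [("parent", X, Y)]),
          (("ancestor", X, Z), [("parent", X, Y), ("ancestor", Y, Z)])]
GOAL = ("ancestor", "tom", "joe")
```

Both `hyperresolution(THEORY, GOAL)` and `sld(THEORY, GOAL)` answer True; the right-biased/left-biased focused derivations of the text correspond to these two searches.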

To show how SLD resolution is modeled by our focusing system, we reuse the translation from before, but this time all atoms are given a left bias. The derivation that corresponds to focusing on the translation of the Horn clause $\neg p_1, \ldots, \neg p_n, p$ is:

$$
\begin{array}{c}
\Gamma ; [\Delta]_w, p \Longrightarrow Q
\\ \hline
\dfrac{}{\cdot ; p_1 \gg p_1}\ \text{init} \quad \cdots \quad \dfrac{}{\cdot ; p_n \gg p_n}\ \text{init}
\qquad
\Gamma ; [\Delta]_w ; p \ll \cdot ; Q
\\ \hline
\Gamma ; [\Delta]_w, p_1, \ldots, p_n ; p_1 \multimap \cdots \multimap p_n \multimap p \ll \cdot ; Q
\\ \hline
\Gamma ; [\Delta]_w, p_1, \ldots, p_n \Longrightarrow Q \qquad (\text{delete})
\end{array}
$$

In other words, the derived rule is:

$$
\frac{\Gamma ; [\Delta, p]_w \Longrightarrow Q}{\Gamma ; [\Delta, p_1, \ldots, p_n]_w \Longrightarrow Q}
$$

The frontier of the goal $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ in the left-biased setting contains every member of $(\Psi)^\circ$, so we obtain one such derived rule for each clause in the Horn theory. The frontier contains, in addition, the positive atom $g$; assuming there is a negative instance of $g$ somewhere in the theory, we will thus generate a single initial sequent, $\cdot ; [g]_0 \Longrightarrow g$. We immediately observe that:

Lemma 6.30. Every sequent generated in the focused derivation of $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ is of the form $\cdot ; [\Delta]_0 \Longrightarrow g$. □

Theorem 6.31 (Isomorphism of rules). For every clause $\neg p_1, \ldots, \neg p_n, p \in \Psi$, there is a derived rule

$$
\frac{\Gamma ; [\Delta, p]_w \Longrightarrow Q}{\Gamma ; [\Delta, p_1, \ldots, p_n]_w \Longrightarrow Q}
$$

created for the goal sequent $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ for some goal literal $g$ and only left-biased atoms.


Proof sketch. Note that only the translations of the clauses and the goal literal $g$ itself are in the frontier. For $g$, we get just a single initial sequent $\cdot ; [g]_0 \Longrightarrow g$. For the translation of the clauses, we use a simple induction on the structure of the clauses and the definition of the $\mathrm{foc}_\uparrow$, $\mathrm{foc}_\downarrow$ and $\mathrm{act}$ relations. Again, we omit the rather easy proof that has been illustrated above. □

Theorem 6.32. Every SLD resolution derivation for the Horn query $\Psi \vdash g$ has an isomorphic focused derivation for the goal sequent $(\Psi)^\circ ; [\cdot]_0 \Longrightarrow g$ with left-biased atoms.


Proof  sketch.  Very  similar  argument  as  in  thm.  6.29  except  we  note  that  in  the  matching 
conditions  in  the  derived  rules  we  rename  the  input  sequents,  whereas  in  the  SLD  resolu¬ 
tion  case  we  rename  the  Horn  clause  itself.  However,  this  renaming  is  merely  an  artifact 
of  the  procedure  and  doesn't  itself  alter  the  derivation.  □ 


Although the derivations are isomorphic, the focused derivations may not be as efficient as SLD resolution in practice because of the need to rename (i.e., copy) the premisses as part of the matching conditions of a derived rule; premisses might contain many more components than the Horn clause itself.
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6.4.5  Historical  review 


The concept of viewing focused derivations as a means of constructing derived inference rules is not new. Andreoli himself has made similar attempts for backward reasoning: see [10], for instance. Girard's Ludics [44] uses focusing as a foundational concept and takes it as an explanation for logic; in Ludics, "bipoles" or derived inference rules are the only rules that are syntactically allowed. Focusing for intuitionistic (including linear) logics was first investigated by Howe [57]; however, Howe was not aware of the notion of focusing bias, and his calculus furthermore had certain technical oddities (such as possibly infinite loops) that have been corrected in this work with a careful treatment of atomic propositions. The precise combination of focusing with forward reasoning in the inverse method is also a contribution of this thesis; prior to this work, such combinations existed in the domain of conjecture and folklore. There are significant details in the construction of the focusing calculus and its use in generating forward derived inference rules.

The quest for ways of making large, multi-step derivations has a long history in automated reasoning. As mentioned earlier, hyperresolution itself is one such logically motivated strategy. Other strategies such as chaining single-premiss rules or using monadic properties of the logic have also been attempted [112]. These heuristics are not as far reaching as focused derivations, which, as demonstrated in the previous section, subsume hyperresolution on Horn theories.

The interaction of focusing and cut-elimination has been studied by Danos, Joinet and Schellinx [33, 32]. Although none of their translations are explicitly focusing aware, their calculi, particularly the constraints in the LKp system, bear unmistakable similarities to focusing. A more recent work by Jagadeesan et al. [58] is the system ARCC, a logic programming language without focusing, but with the notion of biased atoms. In ARCC the observation that switching the bias gives rise to forward- or backward-chaining is certainly visible, though this observation is limited to the Horn fragment of intuitionistic logic.

Ideas of polarity and focused derivations are increasingly becoming a standard technique in type theory. Laurent [65, 64] has used the notion of polarity to explain type isomorphisms in call-by-value and call-by-name settings and gives algorithms for generating dual program constructs in terms of a Curry-Howard isomorphism. At least the asynchronous half of focusing has been (probably independently) noted by Levy [66] in the domain of operational semantics for programming languages, though his calculus is not as powerful as focusing.

Future  work 

The main open question raised by the previous section is whether the observation that focusing generalises hyperresolution and SLD resolution on the Horn fragment can be extended to a fuller logic. This question is naturally meaningless for intuitionistic logic because hyperresolution is a classical strategy. Focusing for purely classical proof search is also not very satisfactory (though see a recent attempt to do just that [119]). For classical linear logic, however, the question is an interesting one. We conjecture that the focusing calculi already available for classical linear logic, or if necessary an adaptation of the intuitionistic focusing calculus of this work, will turn out to give an explanation for classical hyperresolution.

Another important item of future work would be a detailed analysis of connections with a bottom-up logic programming interpreter for the LO fragment of classical linear logic [18]. This fragment, which is in fact affine, has the property that the unrestricted context remains constant throughout a derivation, and incorporates focusing at least partially via a back-chaining rule. It seems plausible that our prover might simulate their interpreter when LO specifications are appropriately translated into intuitionistic linear logic, similar to the translation of classical Horn clauses.
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Chapter  summary  We  have  reconstructed  focused  derivations  for  intuitionistic 
linear  logic  and  extended  it  with  a  notion  of  focusing  bias  for  atomic  proposi¬ 
tions..  We  have  given  a  novel  completeness  proof  for  this  calculus  in  terms  of 
cut-admissibility  and  the  identity  principle.  We  have  then  presented  a  design  of  an 
inverse  method  theorem  prover  based  on  forward  derived  inference  rides  constructed 
from  focusing. 

Additionally,  we  have  shown  how  forward  focusing  can  be  understood  as  a  gener¬ 
alisation  of  both  hyperresolution  and  SLD  resolution  for  Horn  theories,  depending 
on  a  choice  of  focusing  bias.  Furthermore,  we  have  shown  a  new  translation  of 
intuitionistic  logic  to  linear  logic  that  is  faithful  to  a  focused  sequent  calculus  for 
the  source  logic. _ 




Chapter  7 

Experimental  evaluation 


In this chapter we present the li (standing for "Linear inverse") family of theorem provers that implement the inverse method for the various fragments of linear logic presented in this thesis. The provers use either single inference rules, as in chapters 4 or 5, or derived inference rules obtained from focusing, as in chapter 6. All versions of the prover use a uniform input syntax and output format, though a prover for a more restricted fragment will not be able to handle elements in the input that it has no way of handling. The fragments of the logic and the strategies used by the provers will be indicated using affixes to its name.


This chapter is organized as follows: in section 7.1 we present the syntax for the lif prover, which has the most complete input language. In sec. 7.2 we shall present experiments with the purely propositional prover lip. In sec. 7.3 we shall look at general first-order linear problems. In sec. 7.4 we shall consider theorem proving problems in other logics in translation to linear logic.


Experimental framework  All experiments on the li provers were done using MLTon version 20060213. For the propositional experiments, some results of running the same experiments on the Gandalf "nonclassical" distribution (version 0.2), compiled using its own packaged version of the Hobbit Scheme compiler, are presented. This distribution contains two propositional linear logic provers: one using resolution (denoted as Gr in this text), and the other using a tableaux representation (written Gt). We did not attempt to bound the search for either version of the Gandalf prover; neither did we alter any of the default runtime parameters. Other provers such as LinTAP [70] and llprover [113] fail to prove all but the simplest problems, so we did not do any serious comparisons against them. Our experiments were all run on a 3.4GHz Pentium 4 machine with 1MB L1 cache and 1GB main memory. Most running times are wall clock times, but they are averaged over five runs for extremely short running times (less than 0.01 seconds).


7.1  External  syntax 

Every li prover accepts a textual file with a list of directives and declarations as input, and executes the directives in the order that it finds them. In addition, the external syntax gives a textual representation of propositions and proof terms. Terms are either variables or function symbols applied to a list of argument terms, written using the standard tuple notation, i.e., of the form f(t1, ..., tn). If the list of arguments is empty, then it is simply left out and the function symbol represents a constant. Lexically, both variables and function symbols are any alphanumeric identifier starting with a letter; no distinction is made between variables and function symbols.

For propositions, we use the lexemes *, 1, -o, &, #, +, 0 and ! to stand for $\otimes$, $1$, $\multimap$, $\&$, $\top$, $\oplus$, $0$ and $!$ respectively. For the quantifiers, (x)A represents $\forall x.\, A$ where x and A are representations of $x$ and $A$ respectively; similarly [x]A for $\exists x.\, A$. Atomic propositions are treated in the same way as terms, and there is no lexical distinction made between a predicate symbol and a function symbol. In the extensions of li with the modal operators, we add two additional syntactic forms: ?A for the possibility modal proposition $?A$, and {A} for the lax modal proposition $\{A\}$. Finally, we add the following derived forms:

1. A -> B and B <- A for $\mathord{!}A \multimap B$

2. A == B for $(A \multimap B) \mathbin{\&} (B \multimap A)$

The binary connectives are written in an infix style with the following order of precedence (from lowest to highest): ==, (<-, o-), (->, -o), +, &, *. The connectives -o and -> associate to the right, and all other binary connectives associate to the left. Quantifiers have the lowest precedence, and unary operators have the highest precedence.
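An added example, not the li implementation's own parser, of a precedence-climbing parser that enforces the precedence and associativity table above and expands the two derived forms into core connectives. Two points the text leaves open are assumptions of the example: a parenthesised identifier such as (x) is read as a quantifier only when a proposition follows it (so (p) & q is still a grouping), and o- is read as the mirror image of -o.

```python
import re

# Lexemes of the li syntax above (longest first, so "-o" is not read as "-", "o"),
# with the precedence (higher binds tighter) and associativity given in the text.
TOKEN = re.compile(r"\s*(==|<-|o-|->|-o|[A-Za-z][A-Za-z0-9_]*|[*&+!#01(),\[\]])")
BINARY = {"==": (1, "left"), "<-": (2, "left"), "o-": (2, "left"),
          "->": (3, "right"), "-o": (3, "right"),
          "+": (4, "left"), "&": (5, "left"), "*": (6, "left")}
OPENER = {"!", "(", "[", "1", "0", "#"}           # tokens that can start a proposition
is_ident = lambda t: t is not None and t[0].isalpha()

def tokenize(src):
    toks, pos, src = [], 0, src.rstrip()
    while pos < len(src):
        m = TOKEN.match(src, pos)
        if not m:
            raise SyntaxError(f"unexpected input at offset {pos}: {src[pos:pos + 10]!r}")
        toks.append(m.group(1))
        pos = m.end()
    return toks

def desugar(op, l, r):
    """Expand the derived forms; reading "o-" as the mirror of "-o" is an assumption."""
    if op in ("->", "<-"):                        # A -> B and B <- A  are  !A -o B
        return ("-o", ("!", l), r) if op == "->" else ("-o", ("!", r), l)
    if op == "o-":
        return ("-o", r, l)
    if op == "==":                                # A == B  is  (A -o B) & (B -o A)
        return ("&", ("-o", l, r), ("-o", r, l))
    return (op, l, r)

class Parser:
    def __init__(self, src):
        self.toks, self.i = tokenize(src), 0
    def peek(self, k=0):
        return self.toks[self.i + k] if self.i + k < len(self.toks) else None
    def take(self, want=None):
        t = self.peek()
        if t is None or (want is not None and t != want):
            raise SyntaxError(f"expected {want or 'a token'}, got {t!r}")
        self.i += 1
        return t
    def quantifier_ahead(self):
        # "(x)" is a quantifier only when a proposition follows it (an assumption)
        return self.peek() == "[" or (self.peek() == "(" and is_ident(self.peek(1))
            and self.peek(2) == ")" and (is_ident(self.peek(3)) or self.peek(3) in OPENER))
    def proposition(self):
        if self.quantifier_ahead():               # quantifiers bind loosest of all
            kind = "exists" if self.take() == "[" else "forall"
            x = self.take()
            self.take("]" if kind == "exists" else ")")
            return (kind, x, self.proposition())
        return self.binary(1)
    def binary(self, min_prec):
        left = self.unary()
        while self.peek() in BINARY and BINARY[self.peek()][0] >= min_prec:
            op = self.take()
            prec, assoc = BINARY[op]
            right = self.binary(prec + 1 if assoc == "left" else prec)
            left = desugar(op, left, right)
        return left
    def unary(self):                              # "!" and grouping bind tightest
        t = self.peek()
        if self.quantifier_ahead():               # a quantifier extends as far right as possible
            return self.proposition()
        if t == "!":
            self.take()
            return ("!", self.unary())
        if t == "(":
            self.take()
            p = self.proposition()
            self.take(")")
            return p
        if t in ("1", "0", "#"):
            return ("const", self.take())
        if is_ident(t):
            return ("atom", *self.application())
        raise SyntaxError(f"unexpected token {t!r}")
    def application(self):                        # name or name(t1, ..., tn)
        name, args = self.take(), []
        if not is_ident(name):
            raise SyntaxError(f"expected an identifier, got {name!r}")
        if self.peek() == "(":
            self.take()
            args.append(self.application())
            while self.peek() == ",":
                self.take()
                args.append(self.application())
            self.take(")")
        return name, tuple(args)

def parse(src):
    """Parse one li proposition into nested tuples, rejecting trailing input."""
    p = Parser(src)
    prop = p.proposition()
    if p.peek() is not None:
        raise SyntaxError(f"trailing input at {p.peek()!r}")
    return prop
```

Atoms come out as ("atom", name, args), terms as (name, args), and connectives as (op, left, right) with op one of "*", "&", "+", "-o"; for instance parse("a -o b -o c") yields ("-o", a, ("-o", b, c)), while parse("a <- b <- c") yields the left-nested ("-o", ("!", c), ("-o", ("!", b), a)).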

In addition to propositions, there is also external syntax for describing proof terms. The syntax of proof terms allows writing normal proof terms generally, but it also allows for explicit coercions for non-normal proof terms. The grammar for these proof terms is essentially the textual representation of the definition in sec. 2.2.3, i.e., the BNF shown in figure 7.1. The syntax also admits two let-forms to represent the substitution principles in the logic. In this figure the modal operators (and their corresponding let-forms) are not shown, but they will be described later.

(inferable terms)  i ::= u                                  (hyp)
                     |  p                                  (defined term)
                     |  i c                                (⊸E)
                     |  fst i | snd i                      (&E)
                     |  (c : A)                            (coercion c : A)

(checkable terms)  c ::= i                                  (silent)
                     |  c * c                              (⊗I)
                     |  let u * v = i in c end             (⊗E)
                     |  1                                  (1I)
                     |  let 1 = i in c end                 (1E)
                     |  \u. c                              (⊸I)
                     |  (c, c)                             (&I)
                     |  ()                                 (⊤I)
                     |  inl c | inr c                      (⊕I)
                     |  case i of inl u => c | inr v => c' (⊕E)
                     |  abort i                            (0E)
                     |  ! c                                (!I)
                     |  let !u = i in c end                (!E)
                     |  let u = i in c end                 (linear substitution [i/u]c)
                     |  ulet u = i in c end                (unrestricted substitution [i/u]c)

Figure 7.1: BNF for proof terms


The input file consists of a sequence of declaration and prover directives; the former defines new symbols in the prover, and the latter triggers various searches, computations, and checks in the prover. In the rest of this section we shall summarise the key features.

Propositional declarations  New propositions can be defined using the syntactic form p : A. Such declarations are automatically treated as global hypotheses for the prover. The left hand side of the colon defines a new label for the hypothetical proof of this proposition, and the right defines the proposition that is being assumed. A common use of such propositional declarations is to specify the problem domain or theory in which queries are to be made. These propositional declarations are automatically globalised (see sec. 6.3.1).
Proof  search  To  search  for  the  proof  of  a  proposition,  we  use  the  %prove  directive: 
%prove  A. 

This  triggers  a  search  for  the  proof  of  A  with  every  proposition  declared  earlier  present  in 
the  unrestricted  context  of  the  goal  sequent.  This  simple  declaration  can  be  further  refined 
by  specifying  bounds  on  the  number  of  iterations;  the  following,  for  example,  attempts 
2000  iterations  on  A  and  then  saturates. 

%prove  2000,  A. 

If the proposition is false, then we can use the %refute or %saturate directive to attempt to saturate the search space. Refutation can also be bounded in the number of iterations, but in this case the search stops early if saturation succeeds before the bound is reached.

If  a  proof  is  found,  then  the  corresponding  proof  term  is  printed.  This  proof  term  can 
also  be  captured  in  the  form  of  a  proof  term  definition  using  the  variant  form 

%prove  p  :  A. 

The  found  proof  is  bound  to  p,  which  can  then  be  used  in  future  operations  on  proof 
terms. 


Proof  normalisation  Given  a  non-normal  proof  term  c,  i.e.,  a  proof  term  that  uses 
coercions,  its  normal  form  can  be  computed  using  the  %norm  declaration. 

%norm d = c.

The  normal  form  of  c  is  computed  and  bound  to  the  symbol  d. 
Proof checking  Given a normal proof term, it can be checked against a given proposition using the %check directive.

%check c : A.

If the proof c checks against the proposition A, then the check is successful and li prints "OK"; otherwise it terminates with an error message. The dual of %check is %reject, with the same arguments, that verifies that the given proof term is not a proof of the given proposition.

Note  that  any  proof  term  may  use  the  terms  defined  by  %prove  and  %norm,  and  the 
names  of  the  declared  propositions.  However,  the  semantics  of  such  uses  is  a  bit  odd: 
internally,  the  definitions  of  the  constants  are  expanded  and  turned  into  a  coercion,  then 
normalised.  Thus,  the  resulting  proof  term  may  be  very  different  from  what  the  user 
writes  down  depending  on  the  details  of  the  normalisation  algorithm.  Nevertheless,  we 
prefer  this  approach  because  of  the  well-behaved  bidirectional  proof-checking  algorithm 
that  allows  us  to  omit  most  of  the  type  (proposition)  annotations  out  of  proof  terms; 
indeed, the η-long and β-normal terms need no type information at all.

In  addition  to  these  logical  declarations  and  definitions,  there  is  an  elaborate  logging 
facility  present  in  li  for  recording  various  statistics  and  intermediate  stages  of  proof  search. 
The  details  of  these  facilities  are  not  very  relevant  to  this  thesis,  but  can  be  found  in  the 
documentation  accompanying  the  li  distribution. 


7.2  Propositional  experiments 


The first batch of experiments uses a purely propositional prover using the calculus of chapter 4, named lip, and its focusing variant, named lipf. Both versions of this prover use the extra optimisations available in the propositional case such as irredundant rules (see sec. 3.4) and efficient propositional contraction.

7.2.1 Planning


Blocks world is a simple planning example that can be embedded entirely into the multiplicative-exponential fragment (i.e., {⊗, ⊸, !}) of linear logic. For our experiments we consider a simple world with exactly three blocks named a, b and c. The robotic arm is represented by four atomic propositions: empty for the empty arm, and holds_a, holds_b and holds_c for holding a, b and c respectively. The state of blocks not held by the robotic arm depicts the placement of blocks. For example, on_a_b represents the state that the block a is on b, and on_a_tab depicts that a is on the table. The arm is only allowed to lift blocks that have no blocks on top of them; this condition is represented by the three atoms free_a, free_b and free_c.

Actions  by  the  robot  depict  a  transformation  of  the  state.  For  instance,  if  the  arm  lifts 
the  block  a  from  the  block  b,  then  that  state  change  is: 

pick_a_from_b : free_a * on_a_b * empty -o free_b * holds_a.

The  reverse  is  also  a  valid  action: 

drop_a_on_b:  holds_a  *  free_b  -o  on_a_b  *  free_a  *  empty. 

There  are  thus  a  total  of  18  such  rules. 

We start from an initial state where a is on b, and b and c are on the table and the hand is empty (fig. 7.2(a)). This is represented by:

initial = on_a_b * free_a * on_b_tab * on_c_tab * free_c * empty.

From this state we want to move the (a, b) tower on top of c (fig. 7.2(b)):

final = on_a_b * on_b_c * on_c_tab * #.

⊤ (#) is used because we don't really care about the rest of the final state. To instruct the prover to prove this, we issue the following directive.

%prove initial -o final.
Figure 7.2: A blocks world problem. (a) start state; (b) end state.

This variant we call blocks, the purely linear variant. We also attempt the same exercise using the lax modality {} using a variant of these rules where the result is in the monad. For example:

pick_a_from_b_monadic : on_a_b * free_a * empty -o {free_b * holds_a}.

Here we direct the prover as follows:

%prove initial -o {final}.

The use of the monad makes the sequence of actions explicit in the proof. This makes the proofs have a focusing flavour even in the absence of a focusing calculus. Once a rule is used with ⊸L, the proof is automatically focused on the succedent of the implication. The focusing calculus of course has a similar nature even in the absence of the CLF monad, though the natures are not precisely identical.

In  experiments,  we  found  that  this  problem  was  large  enough  that  in  the  absence  of 
focusing  it  runs  for  a  few  hours  before  exhausting  the  memory  of  the  experimental  system 
after  about  400,000  iterations  of  the  lazy  OTTER  loop  and  about  70,000  generated  sequents. 
In  looking  at  traces  of  the  run,  we  found  that  there  were  simply  too  many  intermediate 
sequents  generated  for  every  use  of  a  state  transition  rule,  and  the  transitions  were  being 
attempted too often. Furthermore, because the rules pick_a_from_b and drop_a_on_b, for example, are inverses of each other, the prover gets mired in more and more complex cycles of actions without making progress.

For  the  focusing  prover  lipf,  the  situation  is  drastically  different.  Not  only  are  the 
proofs  found  quickly,  but  also  the  CLF  monad  appears  to  give  no  benefits  (and  in  fact 
adds  slightly  to  the  overhead).  Here  "iters"  refers  to  the  number  of  iterations  of  the 
OTTER  loop,  "gen"  for  the  number  of  generated  sequents,  "subs"  for  the  number  of 
forward-subsumed  sequents,  and  "time"  for  the  wall-clock  times  in  seconds.  Note  that 
the Gandalf provers do not have support for the CLF monad, and fail to prove the non-monadic versions.

problem      right-biased                  left-biased                   Gt    Gr
             iters  gen   subs  time       iters  gen   subs  time       time  time
blocks          45  424    317  0.12          26  387    337  0.04       X     X
blocks-clf      64  697    412  0.264         15   81     69  0.006      N/A   N/A

Here we observe that left-biasing is about an order of magnitude faster than right-biasing. The reason for this is that all derived rules in the left-biased system are single premiss rules, so there is no overhead due to the percolation phase (defn. 5.30).


We have also considered other planning problems that can be expressed in this multiplicative-exponential fragment, and they appear to have similar results. The first of these is a change-making problem that defines the transformations in a change machine. This domain has rules like

quarter -o dime * dime * nickel.
dime -o nickel * nickel.
nickel -o penny * penny * penny * penny * penny.

Queries in this theory ask if a given initial collection of coins can be converted to another given collection, and from the proofs of these queries we can extract the actual steps used to make this transformation. The table below documents the results of a particular problem that is feasible without focusing.
Figure 7.3: A producer-mediator-consumer net

name      LIP     right-biased lipf             left-biased lipf              Gt    Gr
          time    iters  gen  subs  time        iters  gen  subs  time        time  time
change    3.196      16   22     7  0.001          11   20     6  0.001       0.63  0.31

For  most  problems  the  focusing  bias  in  lipf  seems  to  have  only  a  minor  impact  on  the 
running  time.  The  drastic  difference  comes  instead  from  using  any  focusing  system  at  all. 
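The blocks world rules of sec. 7.2.1 and the change machine above are both multiset rewriting theories, and the behaviour described for the small-step prover (inverse rule pairs cycling without progress, saturation on false queries) can be seen directly in a forward search over whole states. The following is an added example, not code from li: a breadth-first planner over multisets of atoms that generates the 18 pick/drop rules from the two schemas shown in the text, with a visited set standing in for subsumption; the rule labels and the treatment of the table as never held and never free are assumptions taken from the text.

```python
from collections import Counter, deque

BLOCKS = ("a", "b", "c")
# Initial and final states of the text's example, as multisets of atoms.  The
# final state is "final * #": any atoms beyond the listed ones are ignored.
BLOCKS_INITIAL = ["on_a_b", "free_a", "on_b_tab", "on_c_tab", "free_c", "empty"]
BLOCKS_FINAL = ["on_a_b", "on_b_c", "on_c_tab"]

def blocks_world_rules():
    """The 18 pick/drop actions of the three-block world as multiset rewrites
    (label, consumed atoms, produced atoms).  The table is not a block: it is
    never held and there is no free_tab atom."""
    rules = []
    for x in BLOCKS:
        for y in BLOCKS + ("tab",):
            if x == y:
                continue
            free_y = [f"free_{y}"] if y != "tab" else []
            rules.append((f"pick_{x}_from_{y}",
                          [f"free_{x}", f"on_{x}_{y}", "empty"], free_y + [f"holds_{x}"]))
            rules.append((f"drop_{x}_on_{y}",
                          [f"holds_{x}"] + free_y, [f"on_{x}_{y}", f"free_{x}", "empty"]))
    return rules

# The change machine of the text, in the same form.
CHANGE_RULES = [
    ("quarter", ["quarter"], ["dime", "dime", "nickel"]),
    ("dime", ["dime"], ["nickel", "nickel"]),
    ("nickel", ["nickel"], ["penny"] * 5),
]

def applicable(state, atoms):
    """True when the multiset `state` contains every atom of `atoms` with at
    least the required multiplicity, i.e. the antecedent can be consumed."""
    return all(state[a] >= n for a, n in Counter(atoms).items())

def fire(state, rule):
    _, consumed, produced = rule
    new = state.copy()
    new.subtract(consumed)
    new.update(produced)
    return +new                      # drop atoms whose count fell to zero

def canonical(state):
    return tuple(sorted(state.elements()))

def plan(initial, goal, rules):
    """Breadth-first forward search over whole states.  Returns the shortest
    list of rule labels leading from `initial` to a state containing `goal`,
    or None once every reachable state has been visited (the search saturates).
    The visited set does the job the text ascribes to subsumption: without it,
    inverse pairs such as pick_a_from_b / drop_a_on_b are retried forever."""
    start = Counter(initial)
    seen, queue = {canonical(start)}, deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        if applicable(state, goal):
            return path
        for rule in rules:
            if not applicable(state, rule[1]):
                continue
            nxt = fire(state, rule)
            k = canonical(nxt)
            if k not in seen:
                seen.add(k)
                queue.append((nxt, path + [rule[0]]))
    return None

def run_plan(initial, labels, rules):
    """Replay a plan and return the resulting state (what the proof's sequence
    of rule uses does to the resources)."""
    by_label = {r[0]: r for r in rules}
    state = Counter(initial)
    for label in labels:
        rule = by_label[label]
        if not applicable(state, rule[1]):
            raise ValueError(f"{label} is not applicable")
        state = fire(state, rule)
    return state

if __name__ == "__main__":
    rules = blocks_world_rules()
    print(plan(BLOCKS_INITIAL, BLOCKS_FINAL, rules))
    print(plan(["quarter"], ["penny"] * 25, CHANGE_RULES))
```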

The last of these planning problems we considered was encodings of Petri nets [25]. The table below contains the total running time for several different Petri nets, of which we shall describe just one in some detail. This example net is shown in figure 7.3. It is a producer-consumer network: the left half, the producer of tokens, synchronises with the right half, the consumer, using a mediating buffer m1 and m2. The number of tokens in this buffer represents the maximum number of cycles that the producer and consumer can differ by.

Each place and transition in the network is represented in terms of an atomic proposition. The two producer places are p1 and p2, and their transitions are pt1 and pt2. The first transition pt1 is enabled whenever there is a token in p1, so we write this as

p1 -o pt1.

This transition produces a token in p2, which we write as:

pt1 -o p2.

The second transition pt2 is enabled whenever there is a token in p2 and m2, and it produces a token each in p1 and m1. We write these rules as follows:

p2 * m2 -o pt2.
pt2 -o p1 * m1.

The consumer is similarly described:

c1 * m1 -o ct1.    ct1 -o m2 * c2.
c2 -o ct2.         ct2 -o c1.


The particular initial state with a mediating buffer of size 4 shown in figure 7.3 is:

initial = p1 * m2 * m2 * m2 * m2 * c1.

It represents the state where the consumer has just consumed all four tokens that the producer has previously produced. We ask the query if in a future state the producer can have produced four more tokens.

final = m1 * m1 * m1 * m1 * #.

%prove initial -o final.


Like before with the blocks world, we also include a monadic version of the encoding where the succedents of the state transformations are always inside the monad and the final query is initial -o {final}. The table below summarises the results. Note that the size of these problems is large enough that the small step prover lip exhausts the system memory easily; thus we present only the data for the focusing prover lipf. The examples petri-1 all ask for provable queries, whereas petri-2 are all false queries for which we ask for (unbounded) saturation. (The same Petri nets are used in both.)
name      right-biased lipf              left-biased lipf                Gt    Gr
          iters  gen   subs  time        iters  gen    subs  time        time  time
petri-1      23   38     23  0.001         284  1099    921  0.062       X     7.08
petri-2      57  133    105  0.003         393  1654   1433  0.068       X     7.13

Here  we  observe  that  right-biasing  performs  better  than  left-biasing.  One  indication 
that  this  would  be  the  case  is  in  the  structure  of  the  rules  which  all  have  either  a  singleton 
antecedent  or  a  singleton  succeedent;  the  state  changes  are  therefore  more  structured  than 
arbitrary  multiset  rewriting  for  which  left-biasing  would  be  a  better  approach. 

7.2.2  Graph  exploration 

The next class of propositional examples are graph exploration algorithms encoded in linear logic with the additive connectives. Our graphs are always directed, but can be cyclic. The first of these algorithms attempts to find an Euler tour in the graph if one exists. To implement this algorithm, we represent the edges of the graph as linear implications between the vertices, but these implications are themselves only allowed to be used linearly. Thus, given a starting vertex, if all the edges in the graph can be consumed to end back at that same vertex, then there exists an Euler tour in the graph (which can be extracted from the proof).


Figure 7.4: A simple graph

To give a simple example, consider the triangular graph in figure 7.4. It has three vertices a, b and c, and the edges of the graph are:

edge_a_b = (a -o b) & (b -o a).
edge_a_c = (a -o c) & (c -o a).
edge_b_c = (b -o c) & (c -o b).

To  ask  if  there  is  an  Euler  tour  starting  at  a,  we  issue  the  following  directive: 

%prove  edge_a_b  *  edge_a_c  *  edge_b_c  -o  a  -o  a. 

In  the  following  table,  we  summarise  the  results  of  asking  for  Euler  tours  in  the 
complete  graphs  of  up  to  10  vertices.  The  set  euler-1  goes  up  to  size  6,  the  next  set 
euler-2  between  7  and  9  vertices,  and  euler-3  for  the  complete  graph  of  10  vertices. 
Needless  to  say,  the  small  step  prover  lip  fails  to  prove  any  of  them,  so  we  once  again 
present  only  the  focusing  results. 


name      right-biased lipf                   left-biased lipf
          iters   gen     subs   time         iters   gen     subs   time
euler-1    6291   11853    5565     9.010      6291   11853    5565     8.570
euler-2   15640   34329   18689   152.12      15640   34329   18689   145.9
euler-3   64360  159194   94834  3043.35      64360  159194   94834  2938.55

Because  the  encoding  of  the  theory  is  completely  symmetric,  both  backward  and 
forward  chaining  generate  the  same  sequents.  Interestingly,  a  left-biased  search  performs 
slightly  better  than  the  right-biased  system  because  of  peculiarities  of  the  implementation 
that  produces  the  sequent  in  a  slightly  different  order  in  each  case. 

The other graph exploration algorithm we consider is finding Hamiltonian tours; its design is very similar. Here, for each vertex we maintain two states: visited, or unvisited (indicated using primes). If the vertex a is connected to b, then the transition between them is allowed only if b has not been visited before, and as the result of the transition b becomes visited. We write this as

visit_a_b = a * b' -o b.

Of course, this particular edge might not be used in a Hamiltonian tour, so we optionally allow it not to be used:

visit_a_b = (a * b' -o b) & 1.
Consider the graph in figure 7.4 again, but now direct the edges from a to b, from b to c and from c to a. In addition to the above rule, we have the following rules for the remaining vertices.

visit_c_a = (c * a' -o a) & 1.
visit_b_c = (b * c' -o c) & 1.

We start out with all vertices unvisited:

initial = a' * b' * c'.

And from this we ask if a complete tour exists starting and returning to a given vertex, a:

%prove visit_a_b * visit_b_c * visit_c_a -o initial -o (a -o a).

In the following table we summarise the results of asking these queries on all complete graphs of up to 8 vertices. We also ask the prover to saturate on a few directed acyclic graphs of size up to 4.


name      right-biased lipf             left-biased lipf
          iters  gen  subs  time        iters  gen  subs  time
hamilton    708  911   185  0.11          165  178     0  <0.001

The surprising result in these examples is that left-biasing is vastly superior to right-biasing. Examination of the derived rules reveals that all rules in the left-biased case for the edge transitions are single-premiss rules, whereas they have two premisses each for the right-biased system. Furthermore, in the right-biased case there is an overlap in the rules as some of the premisses are satisfied by implicit weakening from the affine context, as presented in section 3.3. All the sequents generated in this fashion were immediately subsumed, but the redundancy had a noticeable overhead. The left-biased system, on the other hand, proceeds methodically to explore the graph, making not a single redundant choice. The sequents generated in this case contain a pleasing visualisation of the current "state" of the exploration of the graph.
7.2.3 Affine logic problems

Linearity is often too stringent a requirement for situations where we simply need affine logic, i.e., where every hypothesis is consumed at most once. Affine logic can be embedded into linear logic by translating every affine arrow A → B as either A ⊸ B ⊗ ⊤ or A & 1 ⊸ B. Of course, one might select complex encodings; for example choosing A & !(0 ⊸ X) ⊸ B (for some arbitrary fresh proposition X) instead of A & 1 ⊸ B. Even though the two translations are equivalent, the prover performs poorly on the former. The Gandalf provers Gt and Gr fail on these examples (give incorrect answers).


encoding             right-biased                  left-biased
                     iters  gen   subs  time       iters  gen   subs  time
A ⊸ B ⊗ ⊤               38   108    73  0.003         34   107    73  0.002
A & 1 ⊸ B              252  1103   828  0.098         62   229   126  0.019
A & !(0 ⊸ X) ⊸ B       264  7099  6793  2.028        235   841   578  0.042

It should be noted that, as mentioned in sec. 3.3, our treatment of negative &1 is merely a heuristic, as the question of when a proposition is equivalent to A & 1 is itself as hard as proving arbitrary theorems (and therefore undecidable). However, if the user were to carefully use &1 instead of & !(0 ⊸ X), then this heuristic suffices.


7.3  First-order  experiments 


7.3.1  First-order  planning 


In this section we consider the first-order version of the blocks world problems in sec. 7.2.1. With quantifiers, it becomes considerably easier to specify the rules of the system, as one can write them generically about all blocks. In this encoding, the blocks and the table become terms. The state of the robotic arm is represented in terms of two atoms: the propositional atom empty from before, and the predicate holds() that takes the block it holds as an argument. Similarly, on() becomes a binary predicate, and free() a unary predicate.

The  "pick"  rule  is  written  generically  by  quantifying  over  all  blocks: 
pick_from_block : (a) (b) on(a,b) * free(a) * empty -o holds(a) * free(b).


The table can be implemented in two ways. The first way treats the table as another block that is always free: this it accomplishes by asserting free(table) as a new unrestricted resource, and requires a new rule, free(table) -o 1, for "consuming" the free(table) that gets created by a rule such as pick_from_block. We don't take this approach because negative propositions of the form A -o 1 in the forward direction end up blowing up the sequent database for reasons outlined in sec. 3.3. Instead, we add a new rule for picking up blocks from the table.

pick_from_table : (a) on_table(a) * free(a) * empty -o holds(a).


The particular example from sec. 7.2.1 becomes the following directive in the first order case.

%prove on(a,b) * on_table(b) * on_table(c)    %
       * free(a) * free(c) * empty            % Initial state
       -o on(a,b) * on(b,c) * #.              % Final state


We  also  include  the  monadic  version  of  this  problem  with  the  succeedents  of  implications 
in  the  {}  monad. 


The following table summarises the results of our experiments on one such query. Both lif and liff implement globalisation (sec. 6.3.1), without which the non-focusing prover lif takes almost ten times as long to complete.


problem      LIF     right-biased liff             left-biased liff
             time    iters  gen  subs  time        iters  gen  subs  time
blocks       0.036      45  424   317  0.12           26  387   337  0.04
blocks-clf   0.046      64  697   412  0.264          15   81    69  0.006

As remarked already in sec. 7.2.1, the left-biased system strongly outperforms the right-biased system. Six actions are required by the robotic arm to achieve the desired result; on observing the sequents generated during the search, it appears that the left-biased liff requires exactly two iterations of the OTTER loop per action in the monadic case.
Another simple planning problem we considered in the first order case is Dijkstra's urn game. In this game, there is an urn containing black and white balls. In each round two balls are removed from the urn. If both balls are the same colour, then a black ball is added back to the urn; otherwise, the black ball is discarded and the white ball added back to the urn. This process is repeated until only a single ball remains in the urn.

The encoding of this game is extremely easy: represent the balls with the predicate ball(), and their colours by the terms black and white. The multiplicity of ball(black) denotes the number of black balls in the urn; similarly for ball(white). The transition rules are:

same : (c) ball(c) * ball(c) -o ball(black).

diff : ball(white) * ball(black) -o ball(white).

An example problem is:

%prove ball(black) * ball(white) * ball(white) * ball(black)
       -o ball(white).

The  following  table  summarises  the  results  of  several  such  example  problems. 


problem   LIF     right-biased liff           left-biased liff
          time    iters  gen  subs  time      iters  gen  subs  time
urn       3.08       29   72    27  0.24         13   58    55  0.11

The  problems  included  both  satisfiable  and  unsatisfiable  problems.  Unfortunately,  in 
the  unsatisfiable  case  the  prover  loops  forever  instead  of  saturating,  as  there  is  no  external 
imposition  on  the  maximum  number  of  balls  in  the  urn.  That  is  to  say,  although  the  rules 
guarantee  that  the  number  of  balls  decreases  in  each  step,  this  fact  is  not  exploitable  in  the 
inverse  method  where  every  sequent  reasons  only  about  a  fraction  of  the  state. 


7.4  Translations  to  linear  logic 

In  this  section  we  examine  the  performance  of  the  linear  inverse  method  as  a  reasoning 
framework  for  other  logics  that  can  be  embedded  into  linear  logic.  There  are  two  main 
motivations for this examination. First, it gives us a ready source of difficult problems to stress test the prover. The translations from QBFs to linear logic in sec. 7.4.1, for example, were used to show that propositional multiplicative additive linear logic is PSPACE-complete.


The  second  benefit  to  looking  at  translations  is  that  it  gives  us  an  indication  of  the  utility 
of  linear  reasoning  in  a  setting  where  many  of  the  problems  will  be  non-linear.  Ideally,  the 
price  of  linear  reasoning  should  not  be  so  high  that  it  precludes  any  non-linear  reasoning. 
In  particular,  any  focusing  features  of  the  non-linear  logic  should  be  expressible  in  terms 
of  the  focusing  present  in  the  linear  logic. 


7.4.1  Quantified  Boolean  formulas 

As shown by Lincoln et al. in [68], propositional multiplicative additive linear logic is sufficiently powerful to embed quantified Boolean formulas [39]. The key idea of the embedding is to interpret the quantified Boolean variables as signals in a circuit, and use the linear connectives to give an interpretation of the Boolean connectives in terms of signals. The algorithm in [68] was given for classical linear logic, but it is easily adapted to the intuitionistic case, and in fact gives more perspicuous interpretations. In this section we will look at two minor variants of this embedding: one that is in the pure multiplicative-additive fragment, and one that uses a small number of exponentiated implications in order to propagate the symbols. While the logic used in the latter embedding will be far more expressive (and undecidable) than that of the former, the encoding will be simpler and the theorem prover lipf will perform better on it.

The language of the QBFs will have the binary connectives ∨, ∧, the unary connective ¬, the propositional constants ⊤ and ⊥, and the propositional quantifiers ∀ and ∃. QBFs will be written using lowercase letters p, q, ... and variables with x, y, etc. We assume that all formulas are rectified, i.e., all bound variables in the formula are distinct.

Definition 7.1 (Multiplicative additive embedding).

The output of a rectified quantified Boolean formula $p$ along a constant $s$, written $(p)_s$, is defined inductively over the structure of the proposition and obeys the following equations.

$$
\begin{aligned}
(x)_s &= (x \multimap x \otimes s) \mathbin{\&} (\overline{x} \multimap \overline{x} \otimes \overline{s}) \\
(\top)_s &= s \qquad (\bot)_s = \overline{s} \\
(\neg p)_s &= (p)_{s'} \otimes \big((s' \multimap \overline{s}) \mathbin{\&} (\overline{s'} \multimap s)\big) && s' \text{ and } \overline{s'} \text{ fresh} \\
(p \wedge q)_s &= (p)_{s_1} \otimes (q)_{s_2} \otimes \mathrm{conj}(s_1, s_2, s) && s_1, \overline{s_1}, s_2 \text{ and } \overline{s_2} \text{ fresh} \\
(p \vee q)_s &= (p)_{s_1} \otimes (q)_{s_2} \otimes \mathrm{disj}(s_1, s_2, s) && s_1, \overline{s_1}, s_2 \text{ and } \overline{s_2} \text{ fresh} \\
(\forall x.\, p)_s &= \big(x \otimes (x \multimap 1) \otimes (p)_s\big) \oplus \big(\overline{x} \otimes (\overline{x} \multimap 1) \otimes (p)_s\big) \\
(\exists x.\, p)_s &= \big(x \otimes (x \multimap 1) \otimes (p)_s\big) \mathbin{\&} \big(\overline{x} \otimes (\overline{x} \multimap 1) \otimes (p)_s\big)
\end{aligned}
$$

Here "fresh" means that the indicated signal occurs nowhere outside the body of the translation. The pair conj and disj encode the truth tables for ∧ and ∨ respectively. Precisely,

$$
\begin{aligned}
\mathrm{conj}(s_1, s_2, s) &= (s_1 \multimap s_2 \multimap s) \mathbin{\&} (s_1 \multimap \overline{s_2} \multimap \overline{s}) \mathbin{\&} (\overline{s_1} \multimap s_2 \multimap \overline{s}) \mathbin{\&} (\overline{s_1} \multimap \overline{s_2} \multimap \overline{s}) \\
\mathrm{disj}(s_1, s_2, s) &= (s_1 \multimap s_2 \multimap s) \mathbin{\&} (s_1 \multimap \overline{s_2} \multimap s) \mathbin{\&} (\overline{s_1} \multimap s_2 \multimap s) \mathbin{\&} (\overline{s_1} \multimap \overline{s_2} \multimap \overline{s})
\end{aligned}
$$

The translation of the quantified Boolean formula $p$, written $(p)$, is then $(p)_s \multimap s$ where $s$ and $\overline{s}$ are fresh.

To get a rough idea for why this translation works, note that the proposition $x \otimes (x \multimap 1)$ denotes the assumption that $x$ is true, and $\overline{x} \otimes (\overline{x} \multimap 1)$ that $x$ is false. For a universal quantification $\forall x.\,p$, every use of $x$ in $p$ will turn into $(x \multimap x \otimes s) \mathbin{\&} (\overline{x} \multimap \overline{x} \otimes \overline{s})$. If $x$ is true, then the left operand of $x \otimes (x \multimap 1)$ will match up with the left operand of $(x \multimap x \otimes s) \mathbin{\&} (\overline{x} \multimap \overline{x} \otimes \overline{s})$ to produce $x \otimes s$, of which the left half $x$ will again be removed by $x \multimap 1$, leaving just $s$ at the sites where $x$ occurred in $p$. Similarly, if $x$ is false, then at these occurrences we will be left with $\overline{s}$. This sketch can be formalised to give an embedding theorem whose proof we leave as an exercise.


Fact 7.2 (Embedding).

For a closed quantified Boolean formula $p$,

1. $p$ is true if and only if $\cdot\,;\,(p)_s \Longrightarrow s$; and

2. $p$ is false if and only if $\cdot\,;\,(p)_s \Longrightarrow \overline{s}$.
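Definition 7.1 is mechanical enough to be carried out by a short program that emits the translation in li's external syntax, which is what the added example below does; it is not the qbf-nonexp.sml program from the li distribution. Its assumptions are the tuple encoding of QBFs, a trailing prime for the overlined (false) signal, fresh signal names s1, s2, ... that do not clash with the variable names, and p ⊃ q read as ¬p ∨ q as in the text.

```python
import itertools

def bar(sig):
    """The negative (false) partner of a signal, written with an overline in the
    text; rendered here with a trailing prime, which li's lexer accepts."""
    return sig + "'"

def conj(s1, s2, s):
    # Truth table of AND, one linear implication per row, joined by &.
    return (f"(({s1} -o {s2} -o {s}) & ({s1} -o {bar(s2)} -o {bar(s)})"
            f" & ({bar(s1)} -o {s2} -o {bar(s)}) & ({bar(s1)} -o {bar(s2)} -o {bar(s)}))")

def disj(s1, s2, s):
    # Truth table of OR.
    return (f"(({s1} -o {s2} -o {s}) & ({s1} -o {bar(s2)} -o {s})"
            f" & ({bar(s1)} -o {s2} -o {s}) & ({bar(s1)} -o {bar(s2)} -o {bar(s)}))")

class Translator:
    """Definition 7.1 rendered in li syntax.  QBFs are tuples ("var", x),
    ("top",), ("bot",), ("not", p), ("and", p, q), ("or", p, q),
    ("forall", x, p) and ("exists", x, p); the formula must be rectified."""

    def __init__(self):
        self.counter = itertools.count(1)

    def fresh(self):
        return f"s{next(self.counter)}"

    def emit(self, p, s):
        kind = p[0]
        if kind == "var":
            x = p[1]
            return f"(({x} -o {x} * {s}) & ({bar(x)} -o {bar(x)} * {bar(s)}))"
        if kind == "top":
            return s
        if kind == "bot":
            return bar(s)
        if kind == "not":
            t = self.fresh()
            return f"({self.emit(p[1], t)} * (({t} -o {bar(s)}) & ({bar(t)} -o {s})))"
        if kind in ("and", "or"):
            s1, s2 = self.fresh(), self.fresh()
            table = conj if kind == "and" else disj
            return f"({self.emit(p[1], s1)} * {self.emit(p[2], s2)} * {table(s1, s2, s)})"
        if kind in ("forall", "exists"):
            # The hypothesis is on the left of the sequent: + there forces both
            # truth values to be considered (universal), & lets one be chosen.
            x, body = p[1], self.emit(p[2], s)
            connective = "+" if kind == "forall" else "&"
            return (f"(({x} * ({x} -o 1) * {body}) {connective} "
                    f"({bar(x)} * ({bar(x)} -o 1) * {body}))")
        raise ValueError(f"unknown QBF node {kind!r}")

def translate(p, s="s"):
    """The proposition (p)_s -o s of Fact 7.2, provable iff p is true."""
    return f"{Translator().emit(p, s)} -o {s}"

def prove_directive(p):
    return f"%prove {translate(p)}."

def implies(p, q):
    """p ⊃ q, defined as ¬p ∨ q as in the text."""
    return ("or", ("not", p), q)

def qbf_true(p, env=None):
    """Direct truth value of a closed QBF, the side of Fact 7.2 that the
    prover's answer on translate(p) should agree with."""
    env = env or {}
    kind = p[0]
    if kind == "var": return env[p[1]]
    if kind == "top": return True
    if kind == "bot": return False
    if kind == "not": return not qbf_true(p[1], env)
    if kind == "and": return qbf_true(p[1], env) and qbf_true(p[2], env)
    if kind == "or": return qbf_true(p[1], env) or qbf_true(p[2], env)
    branches = [qbf_true(p[2], {**env, p[1]: v}) for v in (True, False)]
    return all(branches) if kind == "forall" else any(branches)

# The text's largest test case (qbf-3): transitivity of implication.
X, Y, Z = ("var", "x"), ("var", "y"), ("var", "z")
TRANSITIVITY = ("forall", "x", ("forall", "y", ("forall", "z",
    implies(implies(X, Y), implies(implies(Y, Z), implies(X, Z))))))

if __name__ == "__main__":
    print(prove_directive(TRANSITIVITY))
```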


In our implementation, we translated several QBFs using this translation and attempted to prove the resulting sequent. The QBFs we looked at had between 2 and 5 variables and between 1 and 3 quantifier alternations. The largest example in the test suite was the translation of the transitivity of implication, $\forall x.\, \forall y.\, \forall z.\, (x \supset y) \supset (y \supset z) \supset (x \supset z)$, where $p \supset q$ was defined as $\neg p \vee q$ (qbf-3). The results are summarised in the following table.¹


                 right-biased lipf                     left-biased lipf
encodings    iters      gen     subs      time     iters     gen     subs     time
qbf-1         1457     5590     4067      0.54      1581    4352     2612     0.58
qbf-2        15267   517551   502174    368.92      9469   49777    37716    29.55
qbf-3        28556   990196   961494   2807.64     21233   89542   115917   308.24

As  the  size  of  the  example  increases,  the  left-biased  system  overtakes  the  right-biased 
system  and  eventually  becomes  nearly  an  order  of  magnitude  faster. 

The second QBF translation we used is a slight variant of the above translation, except that we allow for arbitrary copying of signals instead of depending on $x \multimap 1$ etc. to remove the excess copies.


Definition 7.3 (Exponential embedding).

The output of a rectified quantified Boolean formula along a constant, written $\langle\!\langle - \rangle\!\rangle_{-}$, is defined inductively over the structure of the proposition and obeys the following equations.

$$\langle\!\langle x \rangle\!\rangle_s = (x \multimap s) \mathbin{\&} (\bar{x} \multimap \bar{s})$$

$$\langle\!\langle \top \rangle\!\rangle_s = s \qquad\qquad \langle\!\langle \bot \rangle\!\rangle_s = \bar{s}$$

$$\langle\!\langle \neg p \rangle\!\rangle_s = \langle\!\langle p \rangle\!\rangle_{s'} \otimes \bigl((s' \multimap \bar{s}) \mathbin{\&} (\bar{s}' \multimap s)\bigr) \qquad s' \text{ and } \bar{s}' \text{ fresh}$$

$$\langle\!\langle p \wedge q \rangle\!\rangle_s = \langle\!\langle p \rangle\!\rangle_{s_1} \otimes \langle\!\langle q \rangle\!\rangle_{s_2} \otimes \mathrm{conj}(s_1, s_2, s) \qquad s_1, \bar{s}_1, s_2 \text{ and } \bar{s}_2 \text{ fresh}$$

$$\langle\!\langle p \vee q \rangle\!\rangle_s = \langle\!\langle p \rangle\!\rangle_{s_1} \otimes \langle\!\langle q \rangle\!\rangle_{s_2} \otimes \mathrm{disj}(s_1, s_2, s) \qquad s_1, \bar{s}_1, s_2 \text{ and } \bar{s}_2 \text{ fresh}$$

$$\langle\!\langle \forall x.\, p \rangle\!\rangle_s = (!x \otimes \langle\!\langle p \rangle\!\rangle_s) \oplus (!\bar{x} \otimes \langle\!\langle p \rangle\!\rangle_s)$$

$$\langle\!\langle \exists x.\, p \rangle\!\rangle_s = (!x \otimes \langle\!\langle p \rangle\!\rangle_s) \mathbin{\&} (!\bar{x} \otimes \langle\!\langle p \rangle\!\rangle_s)$$

The definitions of conj and disj are as in defn. 7.2.

Once again, we define $\langle\!\langle p \rangle\!\rangle$ as $\langle\!\langle p \rangle\!\rangle_s \multimap s$.

¹The full list of these translations can be found in the tests/prop/qbf directory of the li distribution; this directory also includes the program qbf-nonexp.sml that can be used to translate any given QBF.


Fact 7.4 (Embedding).

For a closed quantified Boolean formula $p$,

1. $p$ is true if and only if $\cdot\,;\, \langle\!\langle p \rangle\!\rangle_s \Longrightarrow s$; and

2. $p$ is false if and only if $\cdot\,;\, \langle\!\langle p \rangle\!\rangle_s \Longrightarrow \bar{s}$.
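The two embeddings, the non-exponential one above and the exponential one of Definition 7.3, as a small translator. This is an added example, not the thesis's qbf-nonexp.sml and not the li prover's input syntax; the tagged-tuple QBF syntax, the string rendering of the linear-logic connectives (-o, *, &, +, !) and the trailing ~ for a complementary signal are this example's own conventions. The classical evaluator is included so that the Boolean side of Facts 7.2 and 7.4 can be checked on the qbf-3 formula from the text.

```python
"""QBF -> linear logic after the non-exponential embedding and Definition 7.3.
Added example (not the thesis's qbf-nonexp.sml, nothing to do with li's syntax).
Rendering is this example's own: -o linear implication, * tensor, & with,
+ plus, ! bang, and a trailing ~ marks the complementary signal (x~ is x-bar).

QBF syntax is tagged tuples (constructed for this example):
  ("var", x) ("top",) ("bot",) ("not", p) ("and", p, q) ("or", p, q)
  ("forall", x, p) ("exists", x, p)
"""
from itertools import count


def bar(s): return s + "~"                     # complementary signal s-bar
def imp(a, b): return f"({a} -o {b})"
def tensor(*xs): return "(" + " * ".join(xs) + ")"
def with_(*xs): return "(" + " & ".join(xs) + ")"
def plus(a, b): return f"({a} + {b})"


def conj(s1, s2, s):
    """Truth table of AND: only the row (s1, s2) emits s, the others emit s-bar."""
    return with_(imp(s1, imp(s2, s)),
                 imp(s1, imp(bar(s2), bar(s))),
                 imp(bar(s1), imp(s2, bar(s))),
                 imp(bar(s1), imp(bar(s2), bar(s))))


def disj(s1, s2, s):
    """Truth table of OR: only the row (s1-bar, s2-bar) emits s-bar."""
    return with_(imp(s1, imp(s2, s)),
                 imp(s1, imp(bar(s2), s)),
                 imp(bar(s1), imp(s2, s)),
                 imp(bar(s1), imp(bar(s2), bar(s))))


class Translator:
    """<p>_s when exponential=False, <<p>>_s when exponential=True."""

    def __init__(self, exponential=False):
        self.exponential = exponential
        self._ids = count(1)

    def fresh(self):
        return f"s{next(self._ids)}"           # bar(fresh) is implicitly fresh too

    def tr(self, p, s):
        tag = p[0]
        if tag == "var":
            x = p[1]
            if self.exponential:               # !x is unrestricted: nothing to hand back
                return with_(imp(x, s), imp(bar(x), bar(s)))
            return with_(imp(x, tensor(x, s)), imp(bar(x), tensor(bar(x), bar(s))))
        if tag == "top":
            return s
        if tag == "bot":
            return bar(s)
        if tag == "not":
            t = self.fresh()                   # translate p on t, then swap t and t-bar
            return tensor(self.tr(p[1], t), with_(imp(t, bar(s)), imp(bar(t), s)))
        if tag in ("and", "or"):
            s1, s2 = self.fresh(), self.fresh()
            table = conj if tag == "and" else disj
            return tensor(self.tr(p[1], s1), self.tr(p[2], s2), table(s1, s2, s))
        if tag in ("forall", "exists"):
            x, body = p[1], self.tr(p[2], s)   # one <p>_s, shared by both cases
            if self.exponential:
                t_case, f_case = tensor("!" + x, body), tensor("!" + bar(x), body)
            else:
                t_case = tensor(x, imp(x, "1"), body)
                f_case = tensor(bar(x), imp(bar(x), "1"), body)
            # forall: + on the left forces the prover through both cases;
            # exists: & on the left lets it pick one.
            return plus(t_case, f_case) if tag == "forall" else with_(t_case, f_case)
        raise ValueError(f"not a QBF: {p!r}")


def translate(p, exponential=False):
    """<p> = <p>_s -o s with s fresh (the sequent's goal); returns (formula, s)."""
    t = Translator(exponential)
    s = t.fresh()
    return imp(t.tr(p, s), s), s


def evaluate(p, env=None):
    """Classical truth value of a closed QBF: the left side of Facts 7.2 / 7.4."""
    env = env or {}
    tag = p[0]
    if tag == "var":
        return env[p[1]]
    if tag in ("top", "bot"):
        return tag == "top"
    if tag == "not":
        return not evaluate(p[1], env)
    if tag in ("and", "or"):
        l, r = evaluate(p[1], env), evaluate(p[2], env)
        return (l and r) if tag == "and" else (l or r)
    cases = [evaluate(p[2], {**env, p[1]: b}) for b in (True, False)]
    return all(cases) if tag == "forall" else any(cases)


def implies(p, q):
    return ("or", ("not", p), q)               # p => q read as (not p) or q, as in the text


# qbf-3 from the text: forall x y z. (x => y) => (y => z) => (x => z)
X, Y, Z = ("var", "x"), ("var", "y"), ("var", "z")
QBF3 = ("forall", "x", ("forall", "y", ("forall", "z",
        implies(implies(X, Y), implies(implies(Y, Z), implies(X, Z))))))
```

Because the body $\langle p \rangle_s$ is built once and placed under both the $x$ and the $\bar{x}$ case, exactly as the equations for the quantifiers state, the translated formula doubles in size with every quantifier; the exponential variant only shortens the per-occurrence pattern for a variable and removes the $x \multimap 1$ cleanup, it does not remove that duplication.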


Because this translation allows arbitrary reuse of the variables by means of the exponential operator, the prover is able to use the facilities available to it for handling unrestricted propositions. Therefore, it is able to furnish proofs much faster; even the large example qbf-3 from before takes mere microseconds. The following table summarises the results of translating the entire collection of formulas in qbf-1, -2 and -3 from before using the exponential embedding.


                 right-biased lipf                     left-biased lipf
encodings    iters      gen     subs      time     iters     gen     subs     time
qbf-exp       1508     1722      140      0.13      7948   17610     9590     2.69

In  this  case  the  problems  are  simple  enough  that  the  benefits  of  the  left-biased  system 
are  still  smaller  than  its  overhead  over  the  right-biased  system;  cumulatively,  therefore, 
the  right-biased  system  performs  much  better. 


7.4.2  Intuitionistic  problems 


We ran our prover on some problems drawn from the SICS benchmark [104]. These intuitionistic problems were translated into linear logic in two different ways: the first using Girard's original encoding of classical logic in classical linear logic where every subformula is affixed with the exponential (see sec. 2.1.2), and the second using a focus-preserving encoding as described in section 6.4. The former encoding is represented using the suffix -gir, and the latter with -foc. The problems are ordered in terms of increasing complexity.²

We also compared our prover with Sandstorm, a focusing inverse method theorem prover for intuitionistic logic implemented by students at Carnegie Mellon University. We might, in principle, have compared to a more traditional external prover such as Vampire [100, 101] or Gandalf [109, 111] here, but such a comparison would be unfair because these external provers, being classical, will not necessarily find intuitionistic proofs.


                  right-biased liff                       left-biased liff                  SS
problem       iters      gen     subs      time     iters      gen     subs      time    time
SICS1-gir       360     1948     1394     1.312       368     2897     2181     0.6      0.04
SICS1-foc        56      365      313     0.056        64      496      415     0.04
SICS2-gir      3035    16391    11732    11.04       3460    27192    20389     5.856    0.06
SICS2-foc       489     3133     2688     0.472       616     4672     3902     0.376
SICS3-gir     20958  1131823   810085   762.312     12924  1015552   761517   218.712    1.12
SICS3-foc      3377    21659    18646    33.096      2300    17464    14969    23.296
SICS4-gir         ×        ×        ×         ×         ×        ×        ×         ×     3.89
SICS4-foc      8896    57056    49047    87.184      6144    46818    39993    62.24

The focus-preserving translation is always better than the Girard translation; however, the complexity of linear logic, particularly the significant complexity of linear contraction, makes it uncompetitive with the intuitionistic prover. These results appear to support a hypothesis that doing purely intuitionistic reasoning in a linear theorem prover is inadvisable. It is a matter of future work to attempt to combine the linear inverse method with the intuitionistic inverse method in a combined procedure. This can either be done at the level of the logic by having separate intuitionistic connectives that operate in the unrestricted context (similar to the approach taken in LNL logic [12]), or the inverse method can be specialised for the image of one of the above translations to use more efficient algorithms that ignore the linear aspects of the sequents. The feasibility of any such process is not supported by any results in this thesis, and should be taken as a statement of conjecture.

²It should be noted that this is not the full collection of problems from the SICS benchmark. The particular selection of problems can be seen in the tests/fo-int directory of the li distribution.
7.4.3 Horn clauses from TPTP


For our last set of examples, we selected 20 non-trivial Horn problems from the TPTP version 3.1.1. The selection of problems was not systematic, but we did not constrain our selection to any particular section of the TPTP. The exact list of problems can be found in the tests/fo-horn directory of the li distribution.

We used the translation described in sec. 6.4.3.


           right-biased                            left-biased
iters       gen      subs      time      iters       gen      subs      time
 4911    314640    287004   462.859       6289    704482    526207   638.818

For Horn problems, the right-biased system, which models hyperresolution, performs better than the left-biased system, which models SLD resolution. This observation is not unprecedented — the Gandalf system switches to a hyperresolution strategy for Horn theories [110]. The likely reason is that in the left-biased system, unlike in the SLD resolution system, the derived rule renames the input sequent rather than the rule itself.


Chapter summary  This chapter presents several experiments performed on the provers and algorithms described in earlier chapters.


Chapter 8

Conclusions


This thesis has the following major contributions.

1. We construct a forward propositional linear sequent calculus with special attention paid to the resource management issues in the forward direction. In particular, we show how to handle structural non-determinism by means of weak linear contexts and weak sequents. The resulting calculus can be used in an inverse method prover.

2. We show how to extend contraction to the first-order case in the presence of additives by means of an algorithmic contraction procedure. The standard lifting procedure is adapted for this new form of contraction to produce a forward calculus of free variables and explicit unification.

3. The sequent calculus is further generalised with a notion of derived inference rules using focused derivations. We first reconstruct focusing from first principles, extending existing intuitionistic focusing calculi with the concept of focusing bias for atomic propositions. We show that altering the focusing bias for atoms gives rise to different derived rules, which correspond closely to forward and backward readings of implications. Finally we show how the focused inverse method simulates hyperresolution and SLD resolution for Horn theories, and show how to translate from intuitionistic to linear logic while preserving focus.

4. Finally, we substantiate the claims of this thesis with an implementation of the various calculi and perform an experimental evaluation on a number of problems drawn both from applications of linear logic and from proof-theoretic investigations into linear logic. These experiments provide empirical support for the choice of combining the inverse method with focused derivations.


8.1  Future  work 


Regarding the implementation  The implementation of the li provers has several avenues for further improvement. One aspect that has been entirely neglected is the use of linearity to optimise common operations such as indexing and subsumption. The hierarchical tests (defn. 4.11) are a first attempt at exploiting linearity, but they exploit the information available from multiplicities in only a weak way — only the propositional labels are examined and the term structure is ignored. A better approach might be to represent the contexts themselves as indexed data structures (for example, substitution trees), so one might more accurately detect incompatible multiplicities.


The indexing data structure currently used in the prover is the basic substitution tree structure from first-order classical resolution provers [46, 99]. We conjecture that annotating the data structure with multiplicity information at the internal nodes can improve failure detection. The index can also be improved by utilising features of the term structure to select the indexed proposition; several such proposals for improving the efficiency of subsumption have been made by Tammet [111].


Regarding the focusing calculus  As mentioned in sec. 6.4.5, a primary open question regarding our focusing calculus is whether the simulation of hyperresolution extends to a fuller fragment such as classical linear logic. We are optimistic that such an extension can be found.


The space of focusing-aware translations, and the resulting behaviour of derived inference rules, has only begun to be explored. Several sequent calculi for intuitionistic logics such as LJK and LJT variously contain or lack features of focusing, which can be explained by means of selective affixion of the exponential ! in translations to intuitionistic linear logic [67]. It would be interesting to attempt similar translations from LO to the full linear logic that preserve semantics such as bottom-up evaluation à la Bozzano and Delzanno [15, 18].


Extensions to the logic  One important extension to the linear logic that has been found to be important in practice is support for constraint domains. For practical reasons it is infeasible and wasteful to treat the constraint domains internally in the sequent calculus; instead, one would like to use the growing library of efficient decision procedures and constraint solvers. There are at least two such proposals for extensions to the basic intuitionistic linear logic: ILC [59], which has been proposed for reasoning about pointer programs, and CILL [105], which has been proposed for hybrid robotic planning. The key idea in each case is to extend the standard sequent $\Gamma\,;\, \Delta \Longrightarrow C$ with an additional guarded constraint $\Psi$, such that the sequent $\Psi \mid \Gamma\,;\, \Delta \Longrightarrow C$ is meaningful only if the guard $\Psi$ is satisfiable ($\models \Psi$).¹ It is fairly simple to construct the forward version of the CILL calculus, but interfacing it with constraint solvers is a significant engineering task. The primary issue is that forward sequents, being local objects, have independent persistent constraint objects, whereas most constraint solvers are designed to deal with a single global mutable constraint object. It is an open question whether existing constraint solvers can be adapted to handle this mismatch.


¹More precisely, every satisfying assignment to the constraint gives an instance of the linear sequent that should be true.




Bibliography 


[1] BLAST. Homepage: http://www-cad.eecs.berkeley.edu/~rupak/blast.

[2] ELAN. Homepage: http://www.loria.fr/equipes/protheo/SOFTWARES/ELAN/.

[3] Lygon. Homepage: http://www.cs.rmit.edu.au/lygon/.

[4] The Maude system. Homepage: http://maude.cs.uiuc.edu/.

[5] Samson Abramsky. Computational interpretations of linear logic. Theoretical Computer Science, 111(1&2):3-57, 1993.

[6] Samson Abramsky and Radha Jagadeesan. Games and full completeness for multiplicative linear logic. Journal of Symbolic Logic, 59(2):543-574, 1994.

[7] Jean-Marc Andreoli. Logic programming with focusing proofs in linear logic. Journal of Logic and Computation, 2(3):297-347, 1992.

[8] Jean-Marc Andreoli. Focussing and proof construction. Annals of Pure and Applied Logic, 107:131-163, 2001.

[9] Jean-Marc Andreoli and R. Pareschi. Linear objects: logical processes with built-in inheritance. New Generation Computing, 9(3-4):445-473, 1991.

[10] Thomas Ball and Sriram K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN, pages 113-130. Microsoft Corporation, 2000.

[11] Andrew Barber and Gordon Plotkin. Dual intuitionistic linear logic. Technical Report ECS-LFCS-96-347, University of Edinburgh, 1996.


[12] Nick Benton. A mixed linear and non-linear logic: Proofs, terms and models. Technical Report 352, University of Cambridge Computer Laboratory, 1994. [65 page version].

[13] Nick Benton, Gavin Bierman, Valeria de Paiva, and Martin Hyland. A term calculus for intuitionistic linear logic. In M. Bezem and G. F. Groote, editors, Proceedings of the International Conference on Typed Lambda Calculi and Applications (TLCA), pages 75-90, Utrecht, The Netherlands, March 1993. Springer-Verlag LNCS 664.

[14] Marco Bozzano. A Logic-Based Approach to Model Checking of Parameterized and Infinite-State Systems. PhD thesis, DISI, Università di Genova, 2002.

[15] Marco Bozzano. A Logic-Based Approach to Model Checking of Parameterized and Infinite-State Systems. PhD thesis, DISI, Università di Genova, 2002.

[16] Marco Bozzano and Giorgio Delzanno. Algorithmic verification of invalidation-based protocols. In Proceedings of CAV, Copenhagen, Denmark, July 2002.

[17] Marco Bozzano and Giorgio Delzanno. Automated protocol verification in linear logic. In Proceedings of PPDP, Pittsburgh, Pennsylvania, October 2002.

[18] Marco Bozzano, Giorgio Delzanno, and Maurizio Martelli. Model checking linear logic specifications. TPLP, 4(4-6):573-619, 2004.

[19] Stephen D. Brookes, C. A. R. Hoare, and A. W. Roscoe. A theory of communicating sequential processes. Journal of the ACM, 31(3):560-599, July 1984.

[20] Iliano Cervesato. Petri nets and linear logic: a case study for logic programming. In M. Alpuente and M. I. Sessa, editors, Proceedings of the Joint Conference on Declarative Programming (GULP-PRODE), pages 313-318, Marina di Vietri, Italy, September 1995. Palladio Press.

[21] Iliano Cervesato. A specification language for crypto-protocols based on multiset rewriting, dependent types and subsorting. In G. Delzanno, S. Etalle, and M. Gabbrielli, editors, Workshop on Specification, Analysis and Validation for Emerging Technologies — SAVE'01, pages 1-22, Paphos, Cyprus, December 2001.


[22] Iliano Cervesato, Joshua S. Hodas, and Frank Pfenning. Efficient resource management for linear logic proof search. In R. Dyckhoff, H. Herre, and P. Schroeder-Heister, editors, Proceedings of the 5th International Workshop on Extensions of Logic Programming, pages 67-81, Leipzig, Germany, March 1996. Springer-Verlag LNAI 1050.

[23] Iliano Cervesato, Joshua S. Hodas, and Frank Pfenning. Efficient resource management for linear logic proof search. Theoretical Computer Science, special issue on Proof Search in Type-Theoretic Languages, 232(1-2):133-163, February 2000.

[24] Iliano Cervesato and Frank Pfenning. A linear logical framework. In E. Clarke, editor, 11th Annual Symposium on Logic in Computer Science — LICS'96, pages 264-275, New Brunswick, NJ, 27-30 July 1996. IEEE Computer Society Press. This work appeared as Preprint 1834 of the Department of Mathematics of Technical University of Darmstadt, Germany.

[25] Iliano Cervesato, Frank Pfenning, David Walker, and Kevin Watkins. A concurrent logical framework II: Examples and applications. Technical Report CMU-CS-02-102, Carnegie Mellon University, March 2002. At: http://www-2.cs.cmu.edu/~fp/papers/CMU-CS-02-102.pdf.

[26] Sagar Chaki, Sriram K. Rajamani, and Jakob Rehof. Types as models: Model checking message-passing programs. In Proceedings of POPL 2002, January 16-18 2002.

[27] Bor-Yuh Evan Chang, Kaustuv Chaudhuri, and Frank Pfenning. A judgmental analysis of linear logic. Technical Report CMU-CS-03-131-R, Carnegie Mellon University, 2003, revised 2004.

[28] Kaustuv Chaudhuri and Frank Pfenning. A focusing inverse method theorem prover for first order linear logic. In Proceedings of CADE-20, pages 69-83, Tallinn, Estonia, July 2005. Springer-Verlag LNCS 3632.

[29] J. Christian. Fast Knuth-Bendix completion: A summary. In N. Dershowitz, editor, Proceedings of the 3rd International Conference on Rewriting Techniques and Applications (RTA), pages 551-555. Springer-Verlag LNCS 355, 1986.

[30] J. Christian. Flatterms, discrimination nets, and fast term rewriting. Journal of Automated Reasoning, 10(1):95-113, 1993.


[31] Edward M. Clarke and O. Grumberg. Avoiding the state explosion problem in temporal logic model checking algorithms. In Proceedings of PODC'87, pages 294-303. ACM Press, 1987.

[32] Vincent Danos, Jean-Baptiste Joinet, and Harold Schellinx. LKQ and LKT: sequent calculi for second order logic based upon dual linear decompositions of classical implication. In Jean-Yves Girard and Yves Lafont, editors, Proceedings of the Workshop on Linear Logic, pages 211-224. London Mathematical Society Lecture Notes 222, Cambridge University Press, 1995.

[33] Vincent Danos, Jean-Baptiste Joinet, and Harold Schellinx. A new deconstructive logic: Linear logic. Journal of Symbolic Logic, 62(3):755-807, 1997.

[34] Satyaki Das, David L. Dill, and Seungjoo Park. Experience with predicate abstraction. Computer Aided Verification, pages 160-171, 1999.

[35] Anatoli Degtyarev and Andrei Voronkov. The inverse method. In James Alan Robinson and Andrei Voronkov, editors, Handbook of Automated Reasoning, chapter 4, pages 179-272. MIT Press, September 2000.

[36] Kevin Donnelly, Tyler Gibson, Neel Krishnaswami, Stephen Magill, and Sungwoo Park. The inverse method for the logic of bunched implications. In F. Baader and Andrei Voronkov, editors, Proceedings of the 11th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning, pages 466-480, Montevideo, Uruguay, March 2005. Springer LNCS 3452.

[37] Roy Dyckhoff. Contraction-free sequent calculi for intuitionistic logic. Journal of Symbolic Logic, 57:795-807, 1992.

[38] Harvey Friedman. Classically and intuitionistically provably recursive functions. In D. S. Scott and G. H. Müller, editors, Higher Set Theory, pages 21-27. Springer-Verlag LNM 699, 1978.

[39] Michael R. Garey and David S. Johnson. Computers and intractability: a guide to the theory of NP-completeness. W. H. Freeman, San Francisco, 1979. ISBN 0-7167-1045-5.


[40] Gerhard Gentzen. Untersuchungen über das logische Schließen. Mathematische Zeitschrift, 39:176-210, 405-431, 1935. English translation in M. E. Szabo, editor, The Collected Papers of Gerhard Gentzen, pages 68-131, North-Holland, 1969.

[41] Gerhard Gentzen. Collected papers of Gerhard Gentzen. North-Holland, Amsterdam, 1968.

[42] Jean-Yves Girard. Linear logic. Theoretical Computer Science, 50:1-102, 1987.

[43] Jean-Yves Girard. On the unity of logic. Annals of Pure and Applied Logic, 59:201-217, 1993.

[44] Jean-Yves Girard. Locus solum: from the rules of logic to the logic of rules. Mathematical Structures in Computer Science, 11:301-506, 2001.

[45] G. Godefroid. Using partial orders to improve automatic verification methods. In Proceedings of CAV, 1990.

[46] Peter Graf. Term Indexing. Springer LNAI 1053, 1996.

[47] Susanne Graf and Hassen Saïdi. Construction of abstract state graphs with PVS. In O. Grumberg, editor, Proceedings of CAV, volume 1254, pages 72-83. Springer-Verlag, 1997.

[48] James Harland and David Pym. The uniform proof-theoretic foundations of linear logic programming. In V. Saraswat and K. Ueda, editors, Proceedings of the International Logic Programming Symposium, pages 034-318, San Diego, California, October 1991.

[49] James Harland and David J. Pym. Resource-distribution via boolean constraints. In W. McCune, editor, Proceedings of CADE-14, pages 222-236, Townsville, Australia, July 1997. Springer-Verlag LNAI 1249.

[50] James Harland and Philip Winikoff. Deterministic resource management for the linear logic programming Lygon. Technical Report TR 94/23, Melbourne University, Department of Computer Science, 1994.


[51] Robert Harper and Frank Pfenning. On equivalence and canonical forms in the LF type theory. Technical Report CMU-CS-00-148, Carnegie Mellon University, Pittsburgh, PA, 2000.

[52] C. A. R. Hoare. Communicating sequential processes. Communications of the ACM, 1978.

[53] Joshua S. Hodas. Lolli: an extension of λProlog with linear logic context management. In Dale Miller, editor, Proceedings of the 1992 workshop on the λProlog programming language, Philadelphia, 1992.

[54] Joshua S. Hodas. Logic programming with multiple context management schemes. In Roy Dyckhoff, editor, Fourth International Workshop on Extensions of Logic Programming, pages 171-182, St. Andrews, United Kingdom, 1993. Springer-Verlag LNCS 360.

[55] Joshua S. Hodas. Logic Programming in Intuitionistic Linear Logic: Theory, Design, and Implementation. PhD thesis, University of Pennsylvania, 1994.

[56] Joshua S. Hodas and Dale Miller. Logic programming in a fragment of linear logic. Journal of Information and Computation, 110(2):327-365, 1994.

[57] Jakob M. Howe. Proof search issues in some non-classical logics. PhD thesis, University of St. Andrews, September 1999.

[58] Radhakrishna Jagadeesan, Gopalan Nadathur, and Vijay Saraswat. Testing concurrent systems: An interpretation of intuitionistic logic. In Proceedings of the 25th Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), pages 517-528. Springer-Verlag LNCS 3821, 2005.

[59] Limin Jia and David Walker. ILC: A foundation for automated reasoning about pointer programs. In P. Sestoft, editor, Proceedings of the 15th European Symposium on Programming Languages and Systems (ESOP'06), pages 131-145. Springer-Verlag LNCS 3924, March 2006.

[60] John Arnold Kalman. Automated reasoning with Otter. Rinton Press, Princeton, NJ, 2001. With a foreword by Larry Wos.


[61] R. Kowalski and D. Kuehner. Linear resolution with selection function. Artificial Intelligence, 2:227-260, 1971.

[62] Yves Lafont and Thomas Streicher. Games semantics for linear logic. In Proceedings of the Sixth Annual IEEE Symposium on Logic in Computer Science, Amsterdam, The Netherlands, July 1991. IEEE Computer Society Press, Los Alamitos, California.

[63] James R. Larus, Sriram K. Rajamani, and Jakob Rehof. Behavioral types for structured asynchronous programming. Technical report, Microsoft Research, November 2001. Contact authors for access.

[64] Olivier Laurent. Étude de la polarisation en logique. PhD thesis, University of Aix-Marseille, March 2002.

[65] Olivier Laurent. Classical isomorphisms of types. Mathematical Structures in Computer Science, 15(5):969-1004, 2005.

[66] Paul B. Levy. Jumbo lambda-calculus. In M. Bugliesi, B. Preneel, V. Sassone, and I. Wegener, editors, Proceedings of the 33rd International Colloquium on Automata, Languages and Programming (ICALP), volume 2, pages 444-455, Venice, Italy, July 2006. Springer-Verlag LNCS 4052.

[67] Chuck Liang and Dale Miller. On focusing and polarities in linear logic and intuitionistic logic, December 2006. Draft manuscript.

[68] Patrick D. Lincoln, John C. Mitchell, Andre Scedrov, and Natarajan Shankar. Decision problems for propositional linear logic. Annals of Pure and Applied Logic, 56:239-311, 1992.

[69] K. L. McMillan. A technique of state space search based on unfolding. Formal Methods in System Design: An International Journal, 1995.

[70] Heiko Mantel and Jens Otten. LinTAP: A tableau prover for linear logic. In A. Murray, editor, International Conference TABLEAUX'99, pages 217-231, New York, June 1999. Springer-Verlag LNAI 1617.

[71] Narciso Martí-Oliet and José Meseguer. Action and change in rewriting logic. In R. Pareschi and B. Fronhöfer, editors, Dynamic Worlds, pages 1-53. Kluwer, Dordrecht, 1999.


[72] Per Martin-Löf. On the meanings of the logical constants and the justifications of the logical laws. Nordic Journal of Philosophical Logic, 1(1):11-60, 1996. Lecture notes to a short course at Università degli Studi di Siena, April 1983.

[73] S. Maslov. The inverse method of establishing deducibility in the classical predicate calculus. Soviet Mathematical Doklady, 5:1420-1424, 1964.

[74] W. McCune. Experiments with discrimination-tree indexing and path indexing for term retrieval. Journal of Automated Reasoning, 9(2):147-167, 1992.

[75] Daniel Méry. Preuves et Sémantiques dans des Logiques de Ressources. PhD thesis, Université Henri Poincaré, Nancy, France, November 2004.

[76] Stephan Merz. On the logic of TLA+. Special Issue of Computers and Informatics on the semantics of specification formalisms, 2003.

[77] Dale Miller. The π-calculus as a theory in linear logic: Preliminary results. In E. Lamma and P. Mello, editors, Proceedings on the Workshop on Extensions of Logic Programming, pages 242-265. Springer-Verlag LNCS 660, 1992.

[78] Dale Miller. Forum: A multiple-conclusion specification logic. Theoretical Computer Science, 165(1):201-232, 1996.

[79] Dale Miller, Gopalan Nadathur, Frank Pfenning, and Andre Scedrov. Uniform proofs as a foundation for logic programming. Annals of Pure and Applied Logic, 51:125-157, 1991.

[80] Dale A. Miller, Gopalan Nadathur, and Andre Scedrov. Hereditary Harrop formulas and uniform proof systems. In David Gries, editor, Proceedings of the 2nd IEEE Symposium on Logic in Computer Science, pages 98-105, Ithaca, New York, 1987.

[81] Robin Milner. Communication and Concurrency. Prentice-Hall, 1989.

[82] Robin Milner. Communicating and Mobile Systems: the π-calculus. Cambridge University Press, 1999.

[83] Grigori Mints. Resolution calculus for the first order linear logic. Journal of Logic, Language and Information, 2(1):59-83, 1993.


[84] Grigori Mints. Resolution strategies for the intuitionistic logic. In Constraint Programming, NATO ASI Series F, pages 289-311. Springer-Verlag, 1994.

[85] Kedar S. Namjoshi. Ameliorating the state-space explosion problem. PhD thesis, University of Texas at Austin, 1998.

[86] Sara Negri. A normalizing system of natural deduction for intuitionistic linear logic. Mathematical Logic, 41:789-810, September 2000.

[87] Sara Negri. Varieties of linear calculi. Journal of Philosophical Logic, 31:569-590, 2002.

[88] Sara Negri and Roy Dyckhoff. Admissibility of structural rules for contraction-free systems of intuitionistic logic. Journal of Symbolic Logic, 65:1499-1518, December 2000.

[89] Peter O'Hearn. On bunched typing. Journal of Functional Programming, 13(4):747-796, 2003.

[90] D. Peled. All from one, one for all: on model checking using representatives. In Proceedings of CAV, 1998.

[91] C. A. Petri. Fundamentals of a theory of asynchronous information flow. In Proceedings of the IFIP Congress 62, 1963.

[92] Frank Pfenning. Structural cut elimination in linear logic. Technical Report CMU-CS-94-222, Carnegie Mellon University, December 1994.

[93] Frank Pfenning. Structural cut elimination in linear logic. Technical Report CMU-CS-94-222, Carnegie Mellon University, December 1994.

[94] Frank Pfenning and Rowan Davies. A judgmental reconstruction of modal logic. Mathematical Structures in Computer Science, 11(4):511-540, 2001.

[95] Jeff Polakow. Ordered Linear Logic and Applications. PhD thesis, Carnegie Mellon University, August 2001.

[96] Jeff Polakow and Frank Pfenning. Relating natural deduction and sequent calculus for intuitionistic non-commutative linear logic. In Andre Scedrov and Achim Jung, editors, Proceedings of the 15th Conference on Mathematical Foundations of Programming Semantics, New Orleans, Louisiana, April 1999. Electronic Notes in Theoretical Computer Science, Volume 20.

[97]  Dag  Prawitz.  Ideas  and  results  in  proof  theory.  In  Jens  Erik  Fenstad,  editor.  Proceed¬ 
ings  of  the  2nd  Scandinavian  Logic  Symposiym,  pages  235-307,  Amsterdam,  June  1970. 
North  Holland. 

[98]  David  J.  Pym  and  James  Harland.  A  uniform  proof-theoretic  investigation  of  linear 
logic.  Journal  of  Logic  and  Computation,  4(2):175-207,  April  1994. 

[99]  I.  V.  Ramakrishnan,  R.  C.  Sekar,  and  Andrei  Voronkov.  Term  indexing.  In  Handbook 
of  Automated  Reasoning,  pages  1853-1964.  Elsevier  and  MIT  Press,  2001. 

[100]  Alexander  Riazanov  and  Andrei  Voronkov.  Vampire.  In  Proceedings  of  CADE-16, 
pages  282-286.  Spring- Verlag  LNAI 1632, 1999. 

[101]  Alexander  Riazanov  and  Andrei  Voronkov.  Vampire  1.1  (system  description).  In 
Proceedings  of  the  International  Joint  Conference  on  Automated  Reasoning  (IJCAR),  pages 
376-380.  Springer-Verlag  LNAI  2083,  2001. 

[102]  J.  A.  Robinson.  A  machine-oriented  logic  based  on  the  resolution  principle.  Journal 
of  the  ACM,  12(1):23 — 41, 1965. 

[103]  James  Alan  Robinson.  Automatic  deduction  with  hyper-resolution.  International 
Journal  of  Computational  Mathematics,  1:227-234, 1965. 

[104]  Dan  Sahlin,  Torkel  Franzen,  and  Seif  Haridi.  An  intuitionistic  predicate  logic  theo¬ 
rem  prover.  Journal  of  Logic  and  Computation,  2(5):619— 656,  1992. 

[105]  Ulug  Saranli  and  Frank  Pfenning.  Using  constrained  intuitionistic  linear  logic  for 
hybrid  robotic  planning  problems,  September  2006.  Draft  manuscript. 

[106]  Harold  Schellinx.  The  Noble  Art  of  Linear  Decorating.  PhD  thesis.  University  of 
Amsterdam,  February  1994. 

[107]  Danny  D.  Sleator  and  Robert  E.  Tarjan.  Self-adjusting  binary  search  trees.  Journal  of 
the  ACM,  32(3):652— 686, 1985. 


219 


[108]  Tanel  Tammet.  A  resolution  theorem  prover  for  intuitionistic  logic.  In  M.  McRobbie 
and  J.  Slaney,  editors.  Proceedings  of  CADE-13,  pages  2-16,  New  Brunswick,  New 
Jersey,  1996.  Springer- Verlag  LNCS  1104. 

[109]  Tanel  Tammet.  Gandalf.  Journal  of  Automated  Reasoning,  18(2):199-204, 1997. 

[110]  Tanel  Tammet.  Resolution,  inverse  method  and  the  sequent  calculus.  In  Proceedings 
of  the  5th  Kurt  Godel  Colloquial  on  Computational  Logic  and  Proof  Theory  (KGC'97), 
pages  65-83,  Vienna,  Austria,  1997.  Springer- Verlag  LNCS  1289. 

[111]  Tanel  Tammet.  Towards  efficient  subsumption.  In  Proceedings  of  CADE-15,  pages 
427-441, 1998. 

[112]  Tannel  Tammet.  Proof  strategies  in  linear  logic.  Journal  of  Automated  Reasoning, 
12(3):273-304, 1994. 

[113]  Naoyuki  Tamura.  Llprover.  At:  http://bach.istc.kobe-u.ac.jp/llprover, 

[114]  A.  Valmari.  A  stubborn  attack  on  state  explosion.  In  Proceedings  ofCAV,  1990. 

[115]  M.  H.  van  Emden  and  R.  A.  Kowalski.  The  semantics  of  predicate  logic  as  a  pro¬ 
gramming  language.  Journal  of  the  ACM,  23(4):733-742, 1976. 

[116]  Andrei  Voronkov.  Theorem  proving  in  non-standard  logics  based  on  the  inverse 
method.  In  D.  Kapur,  editor.  Proceedings  of  the  CADE-11,  pages  648-662,  Saratoga 
Springs,  New  York,  1992.  Springer- Verlag  LNCS  607. 

[117]  Kevin  Watkins,  Iliano  Cervesato,  Frank  Pfenning,  and  David  Walker.  A  concurrent 
logical  framework  I:  Judgments  and  properties.  Technical  Report  CMU-CS-02-101, 
Carnegie  Mellon  University,  March  2002. 

[118]  Michael  Winikoff  and  James  Harland.  Implementing  the  linear  logic  programming 
language  Lygon.  In  Proceedings  of  the  International  Logic  Programming  Symposium 
(ILPS),  pages  66-80,  December  1995. 

[119]  Noam  Zeilberger.  On  the  unity  of  duality.  Unpublished  manuscript,  2006.  Available 
at:  http : //www . cs . emu . edu/~noam/research/unity-duality . pdf. 


220 


